Extracted

• • Target

    15dea671d174ad4388c357470163e820_NeikiAnalytics.exe

  • Size

    69KB

  • MD5

    15dea671d174ad4388c357470163e820

  • SHA1

    2f65120f3f3179ce8bd78c5b14b972d5334dd4c1

  • SHA256

    1265096a4e621d68a699dcb346236c797fd9478e3005d7c5656f862ada52a591

  • SHA512

    ba9a509f22efc5e496f71a5ff251670591925efd9bb8a60605fac0cb799d8a08f7572abe154cbea8c3e0881faf019bbb7953915faac2906f5705f2a4d7f412f9

  • SSDEEP

    768:dCNP88+hq2G/IS6nItuJDpbyVQH+8axkqolPDKjBPbgl/7mfzd0T+u1:k18PZ7JItMl8QxaM12jO1A0TF

  Score

  10^/10

  contiransomwarespywarestealer

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Renames multiple (7932) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2