General

  • Target

    6a3b73961aaf59a68034c98cea3f1a30_NeikiAnalytics.exe

  • Size

    487KB

  • Sample

    240530-11e7bscc86

  • MD5

    6a3b73961aaf59a68034c98cea3f1a30

  • SHA1

    0a78f5c8625735cc39e3fb1e05966803d747e260

  • SHA256

    61113d46fac84c03255967f8d498b74667f5352e20cd16eb90dec8db2150c181

  • SHA512

    c823195fcd1a51cc5f168efe73b2480dc732391a1c4a270862127bf9f4797fb35dcf3644cf2f6a218fb69fd91601becdb49a54202544bbb6d75c95f1f84769fb

  • SSDEEP

    6144:n3C9BRo7tvnJ9oH0IRgZvjkUo7tvnJ9oH0IiVByq9CPobNVlv:n3C9ytvngQjgtvngSV3CPobNVp

Targets

    • Target

      6a3b73961aaf59a68034c98cea3f1a30_NeikiAnalytics.exe

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.
