General
-
Target
6ccebd6be633b8240b4b7b54e91c97b0_NeikiAnalytics.exe
-
Size
326KB
-
Sample
240530-3ememaea4z
-
MD5
6ccebd6be633b8240b4b7b54e91c97b0
-
SHA1
2567633939cfe25067c16d3fbb287f13617e9c1f
-
SHA256
f296dc3e56090783f0e1d098a80c09dbe64ef5c6f23c16964ae8356a3dfcd2c5
-
SHA512
f2b11ec0306662afef08963338cf9fd28df81a6a6e7051917f93d1b7845a8a67dc0fbae0af6031b13c95df75ba8871fd25b54f954fdd5dbb3e3426f4ef6ad051
-
SSDEEP
3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8
Malware Config
Targets
-
-
Target
6ccebd6be633b8240b4b7b54e91c97b0_NeikiAnalytics.exe
-
Size
326KB
-
MD5
6ccebd6be633b8240b4b7b54e91c97b0
-
SHA1
2567633939cfe25067c16d3fbb287f13617e9c1f
-
SHA256
f296dc3e56090783f0e1d098a80c09dbe64ef5c6f23c16964ae8356a3dfcd2c5
-
SHA512
f2b11ec0306662afef08963338cf9fd28df81a6a6e7051917f93d1b7845a8a67dc0fbae0af6031b13c95df75ba8871fd25b54f954fdd5dbb3e3426f4ef6ad051
-
SSDEEP
3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-