General
-
Target
60a7bb9a23063c25fb08acd237e4f8e0_NeikiAnalytics.exe
-
Size
397KB
-
Sample
240530-c1r9wscc77
-
MD5
60a7bb9a23063c25fb08acd237e4f8e0
-
SHA1
9a29498ee19614179b7714d947af902c95d2baaa
-
SHA256
28c11a6c809352e442fd43a0925662bc8e99f5eca9e6b8013b0282fbbd0d5715
-
SHA512
18ad895ee8cfc051d1e5a9e05b6b5fe284a1036291a796247e32028d8b6ace4e5e23f07444cb26e371df5e8496076f1b77353169a9b9c2d8ac7688179b26365d
-
SSDEEP
12288:zKXamgUT3XjGJyaqDopXWXOUm40yBjKtI:m1
Static task
static1
Behavioral task
behavioral1
Sample
60a7bb9a23063c25fb08acd237e4f8e0_NeikiAnalytics.exe
Resource
win7-20240220-en
Malware Config
Extracted
xworm
14.225.208.87:7000
-
install_file
USB.exe
-
telegram
https://api.telegram.org/bot7045349621:AAEWXdu0-qUzFsivslR6_C1V9v4OITy8iuw/sendMessage?chat_id=1143992330
Targets
Target
60a7bb9a23063c25fb08acd237e4f8e0_NeikiAnalytics.exe
-
Detect Xworm Payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-