General
-
Target
99e43e91864ebc3c8a5d1b3817c61f20_NeikiAnalytics.exe
-
Size
237KB
-
Sample
240530-ppj6csgh2y
-
MD5
99e43e91864ebc3c8a5d1b3817c61f20
-
SHA1
a127e569fb2ba1f890bac45947b4b53d1d6f7d66
-
SHA256
4e56516dfd1fa13c7e5475f98ddec36d2bed067013909af4c1028c61fc3ff089
-
SHA512
42d8386847440f75a5e65a0a25330a080358c3e62d4321d52bf7f562536526eade75c381011904586f80dab6ea80cfe497006f1e227d14e3096b265cc07402ab
-
SSDEEP
3072:hsXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwR1l9B4hTn:GR5IuMQoseGk7RZBGxAycKpSPX2pUJ
Malware Config
Targets
-
-
Target
99e43e91864ebc3c8a5d1b3817c61f20_NeikiAnalytics.exe
-
Size
237KB
-
MD5
99e43e91864ebc3c8a5d1b3817c61f20
-
SHA1
a127e569fb2ba1f890bac45947b4b53d1d6f7d66
-
SHA256
4e56516dfd1fa13c7e5475f98ddec36d2bed067013909af4c1028c61fc3ff089
-
SHA512
42d8386847440f75a5e65a0a25330a080358c3e62d4321d52bf7f562536526eade75c381011904586f80dab6ea80cfe497006f1e227d14e3096b265cc07402ab
-
SSDEEP
3072:hsXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwR1l9B4hTn:GR5IuMQoseGk7RZBGxAycKpSPX2pUJ
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1