General
-
Target
824fd8d955d1151302f66ec1c56b8400_NeikiAnalytics.exe
-
Size
58KB
-
Sample
240531-2ek15afg4v
-
MD5
824fd8d955d1151302f66ec1c56b8400
-
SHA1
154876792da4f25744e0b944c24ba3e3396a5328
-
SHA256
e3f2c1d5d119a09d2955b7f06e02aaf55676b693f262dfcccf9168bac1779894
-
SHA512
b32154fc9f4be1250bdecdd400ef62bd0a70be44a8ffed26af567cb41501cb45d58130836ee983e0764b1ead549eee0991855c57d41e372e77f669962ea492a5
-
SSDEEP
1536:KpROyEcsUN5jsP2bjobRmxU+TCFI5rHOYgJB:Kp8yT5N5jtbjlZCFI5zOYqB
Behavioral task
behavioral1
Sample
824fd8d955d1151302f66ec1c56b8400_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
824fd8d955d1151302f66ec1c56b8400_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
xworm
127.0.0.1:14731
4.tcp.eu.ngrok.io:14731
0.tcp.eu.ngrok.io:14731
5.tcp.eu.ngrok.io:14731
7.tcp.eu.ngrok.io:14731
6.tcp.eu.ngrok.io:14731
2.tcp.eu.ngrok.io:14731
-
Install_directory
%AppData%
-
install_file
RADMIR_LAUNCHER.exe
Targets
-
-
Target
824fd8d955d1151302f66ec1c56b8400_NeikiAnalytics.exe
-
Size
58KB
-
MD5
824fd8d955d1151302f66ec1c56b8400
-
SHA1
154876792da4f25744e0b944c24ba3e3396a5328
-
SHA256
e3f2c1d5d119a09d2955b7f06e02aaf55676b693f262dfcccf9168bac1779894
-
SHA512
b32154fc9f4be1250bdecdd400ef62bd0a70be44a8ffed26af567cb41501cb45d58130836ee983e0764b1ead549eee0991855c57d41e372e77f669962ea492a5
-
SSDEEP
1536:KpROyEcsUN5jsP2bjobRmxU+TCFI5rHOYgJB:Kp8yT5N5jtbjlZCFI5zOYqB
Score10/10-
Detect Xworm Payload
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-