General
-
Target
8466e159e140065dbd65ddf8481275e0_NeikiAnalytics.exe
-
Size
44KB
-
Sample
240531-3jekksac87
-
MD5
8466e159e140065dbd65ddf8481275e0
-
SHA1
03fb87de2232c6f4a4a45b82cd021424fc3d16a9
-
SHA256
60afc160b8edabfb39d5aef5734f15da6485fbc53835b791308dcede8bd1e6f0
-
SHA512
5d4c87c7f8edd39187b6e2a64de075a8d478f7bf20a7180ce1e91bea7eee0024e1bce00528363db5a1ca0ebdc89b8879e292f40dedfe941c04fa08ffe311c10e
-
SSDEEP
768:BzeVrRdX1u1SkJqx7HCQ4V5HylI59qtlUgh8dL8U7Gz+m:V+TOjqxDCQlt/Ugad8UOx
Malware Config
Targets
-
-
Target
8466e159e140065dbd65ddf8481275e0_NeikiAnalytics.exe
-
Size
44KB
-
MD5
8466e159e140065dbd65ddf8481275e0
-
SHA1
03fb87de2232c6f4a4a45b82cd021424fc3d16a9
-
SHA256
60afc160b8edabfb39d5aef5734f15da6485fbc53835b791308dcede8bd1e6f0
-
SHA512
5d4c87c7f8edd39187b6e2a64de075a8d478f7bf20a7180ce1e91bea7eee0024e1bce00528363db5a1ca0ebdc89b8879e292f40dedfe941c04fa08ffe311c10e
-
SSDEEP
768:BzeVrRdX1u1SkJqx7HCQ4V5HylI59qtlUgh8dL8U7Gz+m:V+TOjqxDCQlt/Ugad8UOx
Score10/10-
Detected Xorist Ransomware
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-