Overview

overview

10

Static

static

7

728a1d7045...cs.exe

windows7-x64

10

728a1d7045...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    728a1d70454cf8943c085f5a8c02f5a0_NeikiAnalytics.exe

  • Size

    282KB

  • Sample

    240531-cexbqabb5s

  • MD5

    728a1d70454cf8943c085f5a8c02f5a0

  • SHA1

    e2bfa2f3d4c955e9ba1965261fcc784fb3a86121

  • SHA256

    ab9f34b9265218221d26dfe9a378a486a60d236988c149c1e9f1b648029c24d4

  • SHA512

    d73e0dc9c1217ce7d9bbd719e272159f3e9683f7de11dd3c7832bcd8d060a01baaaeb7d50f31c65b9919a446f488756809581f93a45e36fad72d45e125a192a8

  • SSDEEP

    6144:1LCj4mVF0imsl6POfE1JPZNBlwkDF5N+oS4CJ4:1LquiZyBZN1J5N+oSe

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      728a1d70454cf8943c085f5a8c02f5a0_NeikiAnalytics.exe

    • Size

      282KB

    • MD5

      728a1d70454cf8943c085f5a8c02f5a0

    • SHA1

      e2bfa2f3d4c955e9ba1965261fcc784fb3a86121

    • SHA256

      ab9f34b9265218221d26dfe9a378a486a60d236988c149c1e9f1b648029c24d4

    • SHA512

      d73e0dc9c1217ce7d9bbd719e272159f3e9683f7de11dd3c7832bcd8d060a01baaaeb7d50f31c65b9919a446f488756809581f93a45e36fad72d45e125a192a8

    • SSDEEP

      6144:1LCj4mVF0imsl6POfE1JPZNBlwkDF5N+oS4CJ4:1LquiZyBZN1J5N+oSe

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks