Extracted

• • Target

    7415b020bf2eed9fa0ff3a319f2d3e40_NeikiAnalytics.exe

  • Size

    212KB

  • MD5

    7415b020bf2eed9fa0ff3a319f2d3e40

  • SHA1

    9cf2dec0942555db1cc77be982e7e4484bca4d8c

  • SHA256

    a67b07be04fb143a3162c1aa6c7e9588c1fd0faef334dc16cc6fcf49bd2b780e

  • SHA512

    457dc5ff9689dee4fe5936f21394cd5668e8f9f7d5b0fca370bdfe25e0bb3f1ef804c97f634831c11f4552306faf19b798619bec48a8e7155f490338bd0d51e0

  • SSDEEP

    3072:Ds3v1H4kITXM+w4oH+WseM7wxs69r3v0zR5qwO3Vw0blXmr4ibpIgIo6e:6vsjzw3HzFfAR5JOFw0ZCVpvIo

  Score

  10^/10

  tofseeevasionexecutionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2