1ba356dcacbd91924b52048b4cd044c6f6aac5acd0b54e91eeb6275da208516b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c4aa24347aa684a6334b4dc223ab4e0_NeikiAnalytics.exe
Size

58KB
Sample

240531-v5g9lafc91
MD5

5c4aa24347aa684a6334b4dc223ab4e0
SHA1

d45b8b1ad9752660aba55b13bebe07523c7a75c1
SHA256

1ba356dcacbd91924b52048b4cd044c6f6aac5acd0b54e91eeb6275da208516b
SHA512

cf9289ecbd4820fa62da830b53b7ab55fd5b360f1a0e4b381433b1bd6e4df89e813aa4d1b9a6cef834d3e14ec0464a2f5e31cf20d61abb854c3f35bc5f5d88ba
SSDEEP

768:9qSqC8+N5ozQQYncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtSqk+w:9rqfzQQYamN8835mv7CUroqkf

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  5c4aa24347aa684a6334b4dc223ab4e0_NeikiAnalytics.exe
- Size
  
  58KB
- MD5
  
  5c4aa24347aa684a6334b4dc223ab4e0
- SHA1
  
  d45b8b1ad9752660aba55b13bebe07523c7a75c1
- SHA256
  
  1ba356dcacbd91924b52048b4cd044c6f6aac5acd0b54e91eeb6275da208516b
- SHA512
  
  cf9289ecbd4820fa62da830b53b7ab55fd5b360f1a0e4b381433b1bd6e4df89e813aa4d1b9a6cef834d3e14ec0464a2f5e31cf20d61abb854c3f35bc5f5d88ba
- SSDEEP
  
  768:9qSqC8+N5ozQQYncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtSqk+w:9rqfzQQYamN8835mv7CUroqkf
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2