General

  • Target

    8cd9d869d94a159c9047d451a6e643d0_NeikiAnalytics.exe

  • Size

    187KB

  • Sample

    240601-en2c5shd7s

  • MD5

    8cd9d869d94a159c9047d451a6e643d0

  • SHA1

    78bbf61236fcfea1663cd5946210a8a944c4c4e2

  • SHA256

    eeb249ef72b7a592dfd719253863c086980f506379e9f47a149a06f7c542d346

  • SHA512

    bf86ba2cd016b2ee7b9d391eab252ddeb52bdd4920815707f4aa7e9050dbb18b350d9f90f7931b96cf4eb9142238802a54334b6fa9da829c1078669d8816c8bf

  • SSDEEP

    3072:nRiMyWdPf3XNzyWm1bgpVL+COWHfksOHZEnEA94mttdE+mM72yIqPKKA6eD8B:5zlpcsT+COW/zOHKnEA94mttdE+mMSsZ

Malware Config

Targets

    • Target

      8cd9d869d94a159c9047d451a6e643d0_NeikiAnalytics.exe

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (57) files with added filename extension

      This is consistent with ransomware activity: encrypting files across the system and appending a new extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to avoid running in certain regions.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and form data.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks