General

  • Target

    90a0f0f35a6465231c2551bdca76ec00_NeikiAnalytics.exe

  • Size

    75KB

  • Sample

    240601-g38f4sdc35

  • MD5

    90a0f0f35a6465231c2551bdca76ec00

  • SHA1

    3e85ad4f7fd47aeda0af3cffb341c6874d5ec2bb

  • SHA256

    50edb27e6cddc703db3a111c061c053b7b8c1bfc3786a40fd1a1d18166271a08

  • SHA512

    304257eabccefcb143e8566fd507b384e1e32b82270fa79b41e67752072f19ea4e11d0f8a6f35dc413ae18759303cf43cedb01c8f8df9114109c8cf151be2021

  • SSDEEP

    1536:Ox1Qja7luy6y0s4sqfkbnAKBOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3s:uOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPE

Malware Config

Targets

    • Target

      90a0f0f35a6465231c2551bdca76ec00_NeikiAnalytics.exe

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks