80455d9bbfe823c9d47d220720ee7f9dcf2291fdd4a46403888b54e13fa78078 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

907c5a8026934d89d6997f321e4e1940_NeikiAnalytics.exe
Size

262KB
Sample

240601-gzj94scd7z
MD5

907c5a8026934d89d6997f321e4e1940
SHA1

eecee36eaf5afd1e649e69b68ffe3b055d2cbb2b
SHA256

80455d9bbfe823c9d47d220720ee7f9dcf2291fdd4a46403888b54e13fa78078
SHA512

8dba5fa017dcd2bc2d72f0377d46001079692a46dbc2e534a89e04d2f008e4b81b1193d303f2c21e4e2f777e69d340f8a708a49c81d601c3c12e96bc77c9d1c2
SSDEEP

3072:O7BMvaWjzrLXQQJKgmSBAVpet2Ago1lMZC:saaWjz/gGKgmS+k2aL

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  907c5a8026934d89d6997f321e4e1940_NeikiAnalytics.exe
- Size
  
  262KB
- MD5
  
  907c5a8026934d89d6997f321e4e1940
- SHA1
  
  eecee36eaf5afd1e649e69b68ffe3b055d2cbb2b
- SHA256
  
  80455d9bbfe823c9d47d220720ee7f9dcf2291fdd4a46403888b54e13fa78078
- SHA512
  
  8dba5fa017dcd2bc2d72f0377d46001079692a46dbc2e534a89e04d2f008e4b81b1193d303f2c21e4e2f777e69d340f8a708a49c81d601c3c12e96bc77c9d1c2
- SSDEEP
  
  3072:O7BMvaWjzrLXQQJKgmSBAVpet2Ago1lMZC:saaWjz/gGKgmS+k2aL
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2