General

  • Target

    90e2e7bb535dc2028bb0043324035ab0_NeikiAnalytics.exe

  • Size

    200KB

  • Sample

    240601-havvzsde49

  • MD5

    90e2e7bb535dc2028bb0043324035ab0

  • SHA1

    eb5f684078d94ceec7f7106b8d763f0aa7f3d062

  • SHA256

    1e97a4f7151c30703d51133c1f9a9f86aa862513e62824fd7a39d9ee9b4e7fb9

  • SHA512

    29f863dbb744a45bd27fc22436ba23929cdde751f60524cc411ad44b280a4f2c3b9557c0d2056f6e7977adaef3359b6f762a62b184654aa7690345efebca0735

  • SSDEEP

    3072:0w17W702Jmr6BTvVcONlVBEuPpgbKHtJ9x+r4+2poXHyuowGKaIugR5dkhBRxr:07I2K6BTtcO7fnPmQDRWGKIoSh/xr

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (61) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks