General
-
Target
92d50944c976c679d2b07a15800ceb10_NeikiAnalytics.exe
-
Size
519KB
-
Sample
240601-jd12vaea9t
-
MD5
92d50944c976c679d2b07a15800ceb10
-
SHA1
ff8595f7e332ec6632f30016b90a52963a19bc71
-
SHA256
f387f65dbb3d3203a24bf60d61ec7195a072203d18d56a3471ab34ad36658161
-
SHA512
752ab550ac60f4ec6fb89ba712a47ef8e464dbabf2334c34ed63b97df9df7e971f3350ec50e6ac52fecd4258d91f7c1f8d89f4cdaa5ad056acf3fe09608d77fd
-
SSDEEP
6144:MhOPW0K5Jgl0Ws55VPiDj6kODfT6F9pZmZXAeZsdXaTBJ2h9Kkw+tlZflIkn9C/P:NPuhXUlODf23Ih9BJyttlZlIkV
Malware Config
Targets
-
-
Target
92d50944c976c679d2b07a15800ceb10_NeikiAnalytics.exe
-
Size
519KB
-
MD5
92d50944c976c679d2b07a15800ceb10
-
SHA1
ff8595f7e332ec6632f30016b90a52963a19bc71
-
SHA256
f387f65dbb3d3203a24bf60d61ec7195a072203d18d56a3471ab34ad36658161
-
SHA512
752ab550ac60f4ec6fb89ba712a47ef8e464dbabf2334c34ed63b97df9df7e971f3350ec50e6ac52fecd4258d91f7c1f8d89f4cdaa5ad056acf3fe09608d77fd
-
SSDEEP
6144:MhOPW0K5Jgl0Ws55VPiDj6kODfT6F9pZmZXAeZsdXaTBJ2h9Kkw+tlZflIkn9C/P:NPuhXUlODf23Ih9BJyttlZlIkV
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (52) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1