b5180c57843751389a6a6b34e663d1c667f2eaf9ea702dc40aa743c462349514 | Triage

Sharing

General

Target

8d6e2f7148e38707cb98260b85ccdf80_NeikiAnalytics.exe
Size

3.6MB
Sample

240601-py6eyscf2w
MD5

8d6e2f7148e38707cb98260b85ccdf80
SHA1

e83882d006850f2e27123e75eabbc2d9c195bd5f
SHA256

b5180c57843751389a6a6b34e663d1c667f2eaf9ea702dc40aa743c462349514
SHA512

e4d896f4ff7cb2af62ce0d5558c95e3b383f5bf148798116528ecb47beca27cb1da7f772f8462f62c177fae6993d4fd2045c2fa4923223219877a5e1c8504226
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBbB/bSqz8:sxX7QnxrloE5dpUpMbVz8

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  8d6e2f7148e38707cb98260b85ccdf80_NeikiAnalytics.exe
- Size
  
  3.6MB
- MD5
  
  8d6e2f7148e38707cb98260b85ccdf80
- SHA1
  
  e83882d006850f2e27123e75eabbc2d9c195bd5f
- SHA256
  
  b5180c57843751389a6a6b34e663d1c667f2eaf9ea702dc40aa743c462349514
- SHA512
  
  e4d896f4ff7cb2af62ce0d5558c95e3b383f5bf148798116528ecb47beca27cb1da7f772f8462f62c177fae6993d4fd2045c2fa4923223219877a5e1c8504226
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBbB/bSqz8:sxX7QnxrloE5dpUpMbVz8
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer