General

  • Target

    17f6220b942fe2baeb25c7810344b460_NeikiAnalytics.exe

  • Size

    441KB

  • Sample

    240602-bbqt4adb9x

  • MD5

    17f6220b942fe2baeb25c7810344b460

  • SHA1

    570f6a4b05655487a275a52c55eab9960d1d7e73

  • SHA256

    34807f97604dde54f87e7eb7f0ca5084e02baa4082028a5d380ea05750d54f3d

  • SHA512

    cdd961296190e0f5f6bc307b5bd102efdf64eb79f8f81cc981fbefd5b54e346bb6411a2393dde86d69388d5ed80261a90c841c4f7129045a199139aa586ba486

  • SSDEEP

    6144:JeHwXUljWrLJKuKnGML5NjcxFSsQLH5Ae:JyMU0g5NjaFSsPe

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables use of System Restore points

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
