General

  • Target

    3926f5b80fa522b6bfec6f2d9681f660_NeikiAnalytics.exe

  • Size

    195KB

  • Sample

    240602-fd2ftsbe3y

  • MD5

    3926f5b80fa522b6bfec6f2d9681f660

  • SHA1

    c916dbc97c293387cf1589469d6df786557f2ca9

  • SHA256

    12494941209afebdc8e6bb3a07e6b772f6bfbd928c8493f0b87b330ef93cdb3c

  • SHA512

    eb1e1473381e9907ccf33360c3bc255d1695e2ff32609f1fafb34dbe68ef1bc5edc874299cafd12aed696b963dba4687bd311370ed99909710790f18e80a00dd

  • SSDEEP

    6144:DIs9OKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPFsEPAsKCyOW:GKofHfHTXQLzgvnzHPowYbvrjD/L7QPo

Malware Config

Targets

    • Target

      3926f5b80fa522b6bfec6f2d9681f660_NeikiAnalytics.exe

    • Size

      195KB

    • MD5

      3926f5b80fa522b6bfec6f2d9681f660

    • SHA1

      c916dbc97c293387cf1589469d6df786557f2ca9

    • SHA256

      12494941209afebdc8e6bb3a07e6b772f6bfbd928c8493f0b87b330ef93cdb3c

    • SHA512

      eb1e1473381e9907ccf33360c3bc255d1695e2ff32609f1fafb34dbe68ef1bc5edc874299cafd12aed696b963dba4687bd311370ed99909710790f18e80a00dd

    • SSDEEP

      6144:DIs9OKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPFsEPAsKCyOW:GKofHfHTXQLzgvnzHPowYbvrjD/L7QPo

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks