General

  • Target

    8b42b8413cc9b2e9ed6a3aff23829520_NeikiAnalytics.exe

  • Size

    6.8MB

  • Sample

    240603-aqjtnadg47

  • MD5

    8b42b8413cc9b2e9ed6a3aff23829520

  • SHA1

    0d07459d6ce2fa9bf7c54e3ecac4ce329e4de19f

  • SHA256

    7eac79ccdcc51cda701dc1081cc3dff4ac3ba69be94a5ecf210b05eb9995cefa

  • SHA512

    fc3cdb385477812cff52a8025b4962358ae83e2b49014f1d585284160cc4e2f96801b771bb07f2ca2c3ca2e216557f14a7bc353466916cdd6545fa08d21f4d3e

  • SSDEEP

    98304:kr3tzdbM+Q2y+aq0opjOjFgFQlwq4Mjk+dBZtu9xTtwz/aer6/BbQEJ1nL2hBnLw:kr3vf0o1OjmFQR4MVGFtwLPCnL2hVc/

Targets

    • Target

      8b42b8413cc9b2e9ed6a3aff23829520_NeikiAnalytics.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
