General

Target: 8b42b8413cc9b2e9ed6a3aff23829520_NeikiAnalytics.exe
Size: 6.8MB
Sample: 240603-aqjtnadg47
MD5: 8b42b8413cc9b2e9ed6a3aff23829520
SHA1: 0d07459d6ce2fa9bf7c54e3ecac4ce329e4de19f
SHA256: 7eac79ccdcc51cda701dc1081cc3dff4ac3ba69be94a5ecf210b05eb9995cefa
SHA512: fc3cdb385477812cff52a8025b4962358ae83e2b49014f1d585284160cc4e2f96801b771bb07f2ca2c3ca2e216557f14a7bc353466916cdd6545fa08d21f4d3e
SSDEEP: 98304:kr3tzdbM+Q2y+aq0opjOjFgFQlwq4Mjk+dBZtu9xTtwz/aer6/BbQEJ1nL2hBnLw:kr3vf0o1OjmFQR4MVGFtwLPCnL2hVc/
Behavioral task

behavioral1
Sample: 8b42b8413cc9b2e9ed6a3aff23829520_NeikiAnalytics.exe
Resource: win7-20240508-en
Malware Config
Targets

Target: 8b42b8413cc9b2e9ed6a3aff23829520_NeikiAnalytics.exe
Size: 6.8MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
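The PowerShell signature above is the one an incident responder most often has to act on, because an exclusion left behind by the sample keeps later payloads invisible to Defender. The following triage script is an added example for this report; it is not code from the sandbox or from the sample. It assumes an elevated PowerShell session on the affected host with the Defender cmdlets available and, for the third step, script block logging enabled. The paths and process names in the remediation lines are placeholders, not values observed in this analysis.

```powershell
# Added triage example (not part of the sandbox report, not the sample's code).
# Run from an elevated PowerShell session on the host under investigation.

# 1. Enumerate the exclusions currently in force. Any path, extension or
#    process that was not deliberately configured is suspect.
$pref = Get-MpPreference
[PSCustomObject]@{
    ExclusionPath      = $pref.ExclusionPath
    ExclusionExtension = $pref.ExclusionExtension
    ExclusionProcess   = $pref.ExclusionProcess
} | Format-List

# 2. Defender records every configuration change as event 5007 in its
#    Operational log; the message names the registry value that changed,
#    which for exclusions sits under an "Exclusions\" key.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5007
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions\\' } |
    Select-Object TimeCreated, Message

# 3. With script block logging enabled, event 4104 in the PowerShell
#    Operational log keeps the script text (Properties[2]). Look for the
#    cmdlets that add or replace exclusions.
$pattern = 'Add-MpPreference|Set-MpPreference'
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern -and $_.Message -match 'Exclusion' } |
    Select-Object TimeCreated, @{ n = 'Script'; e = { $_.Properties[2].Value } }

# 4. Remediate exclusions confirmed to be malicious. The values below are
#    placeholders (assumed for illustration); substitute what step 1 showed.
# Remove-MpPreference -ExclusionPath      'C:\Users\Public\dropper'
# Remove-MpPreference -ExclusionExtension 'exe'
# Remove-MpPreference -ExclusionProcess   'dropper.exe'
```

Step 1 answers whether the host is still exposed; steps 2 and 3 establish when the exclusion was set and by which command line, which is what ties the change back to the sample rather than to an administrator. Keep the 5007 output before removing anything, since Remove-MpPreference writes its own 5007 event and the original timestamps are what the timeline needs.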