General
-
Target
921f72d00e30164bbbda749cf2cd7090_NeikiAnalytics.exe
-
Size
264KB
-
Sample
240603-be3caseh64
-
MD5
921f72d00e30164bbbda749cf2cd7090
-
SHA1
dd8d5bc8561122dd25751cabdd098bc97bfb3cac
-
SHA256
e44d7b4ac02414c46a339af22623248d632a1f93a1f04ff9f1d6de11767eeacb
-
SHA512
ad9418f26d9a1cf77a868a756d567c56f52abf38702d22514ecba9afcbda6b31ae5852b1b497da676360b911b8ca139900537cfa022b424d9240123e60a5f663
-
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/I:WFzDqa86hV6uRRqX1evPlwAQ
Malware Config
Targets
-
-
Target
921f72d00e30164bbbda749cf2cd7090_NeikiAnalytics.exe
-
Size
264KB
-
MD5
921f72d00e30164bbbda749cf2cd7090
-
SHA1
dd8d5bc8561122dd25751cabdd098bc97bfb3cac
-
SHA256
e44d7b4ac02414c46a339af22623248d632a1f93a1f04ff9f1d6de11767eeacb
-
SHA512
ad9418f26d9a1cf77a868a756d567c56f52abf38702d22514ecba9afcbda6b31ae5852b1b497da676360b911b8ca139900537cfa022b424d9240123e60a5f663
-
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/I:WFzDqa86hV6uRRqX1evPlwAQ
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-