General

  • Target

    9f22eb0437210539859c6810bb354fc0_NeikiAnalytics.exe

  • Size

    88KB

  • Sample

    240603-hhs2csgc83

  • MD5

    9f22eb0437210539859c6810bb354fc0

  • SHA1

    b0fa8e0307424ac00a983b768a6c7cf18a2fc823

  • SHA256

    a2e513e9c087e6de6e45b845e6e136cc4ec1106eccfe3062074b015735184276

  • SHA512

    6a2d95ec1f9db60eece95b53605ceeee7f0e77b39d1820789fe13ba8394be0628e36ecf313c77cdc49f0db3cf356097613fd3b52c69b06d1252539963f2b9555

  • SSDEEP

    1536:1MIPgEm56wnbkKC2ZyBJU066lwLCRVEB+nR/y8cmNrEIviCOzuajkrDl9HNSj:11PgEOng1d66jRVa+n4NmNNouukrD7HI

Malware Config

Targets

    • Target

      9f22eb0437210539859c6810bb354fc0_NeikiAnalytics.exe

    • Size

      88KB

    • MD5

      9f22eb0437210539859c6810bb354fc0

    • SHA1

      b0fa8e0307424ac00a983b768a6c7cf18a2fc823

    • SHA256

      a2e513e9c087e6de6e45b845e6e136cc4ec1106eccfe3062074b015735184276

    • SHA512

      6a2d95ec1f9db60eece95b53605ceeee7f0e77b39d1820789fe13ba8394be0628e36ecf313c77cdc49f0db3cf356097613fd3b52c69b06d1252539963f2b9555

    • SSDEEP

      1536:1MIPgEm56wnbkKC2ZyBJU066lwLCRVEB+nR/y8cmNrEIviCOzuajkrDl9HNSj:11PgEOng1d66jRVa+n4NmNNouukrD7HI

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks