General

  • Target

    14706c67a7e9b816539c77b462a686e0_NeikiAnalytics.exe

  • Size

    156KB

  • Sample

    240603-w1lxnaee8y

  • MD5

    14706c67a7e9b816539c77b462a686e0

  • SHA1

    6094ca46a53fdcdc3d210f4de1dd1f25eead9481

  • SHA256

    fbe873e26fbbe4d61edda0ff7c3d8d792a423eaab5c29d2c37e17fc4fed1461e

  • SHA512

    9f0b340a4bcf601f80ad1f33f8b2e225811784645e4338250174490a8a8678ace8d1ec526c629bdc2dd32f95aa58cd13cbecbfae372fa5d475191e123373793d

  • SSDEEP

    3072:6YBMPJ4T2vaHfQmuKM7U6L9sxsHrl3B0mhQjUqvG44oQZiETz:zBy4Sva/QVK+SxsHrl3B0mhPq+cW9

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Hide Artifacts (T1564): 1
  • Hidden Files and Directories (T1564.001): 1
  • Modify Registry (T1112): 2

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2
