General

  • Target: b3734f257efe4932471cca3dfca8c5f0_NeikiAnalytics.exe

  • Size: 3.8MB

  • Sample: 240603-wvrkysed9x

  • MD5: b3734f257efe4932471cca3dfca8c5f0

  • SHA1: 30938943d273c194854887acebd4b1481dd0d6a4

  • SHA256: 379a08075ca33f52939e498a38dc94fc1dddb557ae1a66876df1d0097ceccf7b

  • SHA512: 7d4f3e48a1e2cf9104fe97a889e04d03137fb6e0292205d00f60aadaba38de6498ca86410b34956437915eaa15a95393914390fc246857731312e5ba2026194f

  • SSDEEP: 98304:g2mDMmD2mDc2mDMmD2mDe2mDMmD2mDc2mDMmD2mDM:g2mDMmD2mDc2mDMmD2mDe2mDMmD2mDcQ

Score: 10/10

Malware Config

Targets

    • Target: b3734f257efe4932471cca3dfca8c5f0_NeikiAnalytics.exe
    Score: 10/10

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                           Count  ID
  --------------------  ----------------------------------  -----  ---------
  Persistence           Boot or Logon Autostart Execution   2      T1547
  Persistence           Registry Run Keys / Startup Folder  2      T1547.001
  Privilege Escalation  Boot or Logon Autostart Execution   2      T1547
  Privilege Escalation  Registry Run Keys / Startup Folder  2      T1547.001
  Defense Evasion       Hide Artifacts                      2      T1564
  Defense Evasion       Hidden Files and Directories        2      T1564.001
  Defense Evasion       Modify Registry                     5      T1112
  Discovery             Query Registry                      1      T1012
  Discovery             System Information Discovery        2      T1082

Tasks