General
-
Target
7bc6b8054abd6114c35c454c071c7290_NeikiAnalytics.exe
-
Size
231KB
-
Sample
240603-zar8jahg64
-
MD5
7bc6b8054abd6114c35c454c071c7290
-
SHA1
c88749c113c114d0fe437f4f701b9402a6d11e92
-
SHA256
4641bea6ae464a8c278a7e0529f754c08f60edc46ecf63b5b4c8775df8c54649
-
SHA512
4a0cdc2e0b86cacb92f684faec19764882653e75d7d66c37e9da0dec08b6beaadea432c161f1eda9e596ff14bea88c42af51c6837c954b3d3252beebd85991fe
-
SSDEEP
6144:RloZM+rIkd8g+EtXHkv/iD4vTIgiAfbofxUyzzq2Ab8e1mT8Ti:joZtL+EP8vTIgiAfbofxUyzzqzK9
Behavioral task
behavioral1
Sample
7bc6b8054abd6114c35c454c071c7290_NeikiAnalytics.exe
Resource
win7-20231129-en
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1246232317215903755/k1xdEK7NXg9Ud5aRps3d0dup6SCVr7oTrOvl5rUZFNMqDY9YqVHX9ED6ruz0decwjSyA
Targets
-
-
Target
7bc6b8054abd6114c35c454c071c7290_NeikiAnalytics.exe
-
Size
231KB
-
MD5
7bc6b8054abd6114c35c454c071c7290
-
SHA1
c88749c113c114d0fe437f4f701b9402a6d11e92
-
SHA256
4641bea6ae464a8c278a7e0529f754c08f60edc46ecf63b5b4c8775df8c54649
-
SHA512
4a0cdc2e0b86cacb92f684faec19764882653e75d7d66c37e9da0dec08b6beaadea432c161f1eda9e596ff14bea88c42af51c6837c954b3d3252beebd85991fe
-
SSDEEP
6144:RloZM+rIkd8g+EtXHkv/iD4vTIgiAfbofxUyzzq2Ab8e1mT8Ti:joZtL+EP8vTIgiAfbofxUyzzqzK9
-
Detect Umbral payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-