7b1789e70dfe0f1be5e2ca7474a74c1c8da17ce58e8e84b08ea04fc3b90bd639 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42d914f3439e167379b2c0eb390f0760_NeikiAnalytics.exe
Size

524KB
Sample

240604-j5anzaae6y
MD5

42d914f3439e167379b2c0eb390f0760
SHA1

83dba0dec1aa75f29243b4a3b3065c8b1f447ed6
SHA256

7b1789e70dfe0f1be5e2ca7474a74c1c8da17ce58e8e84b08ea04fc3b90bd639
SHA512

401217d93323999716ea0aee113b516c7059991d69978d23256996595b86bf5cb9d128a473de5af3b52695942ca600b4f8cb994c5c78743a2fc125f4605e5f68
SSDEEP

6144:/rTfUHeeSKOS9ccFKk3Y9t9YZgViYz1MpA5ns/hCvYlP:/n8yN0Mr8ZgcI1z5nECc

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  42d914f3439e167379b2c0eb390f0760_NeikiAnalytics.exe
- Size
  
  524KB
- MD5
  
  42d914f3439e167379b2c0eb390f0760
- SHA1
  
  83dba0dec1aa75f29243b4a3b3065c8b1f447ed6
- SHA256
  
  7b1789e70dfe0f1be5e2ca7474a74c1c8da17ce58e8e84b08ea04fc3b90bd639
- SHA512
  
  401217d93323999716ea0aee113b516c7059991d69978d23256996595b86bf5cb9d128a473de5af3b52695942ca600b4f8cb994c5c78743a2fc125f4605e5f68
- SSDEEP
  
  6144:/rTfUHeeSKOS9ccFKk3Y9t9YZgViYz1MpA5ns/hCvYlP:/n8yN0Mr8ZgcI1z5nECc
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer