f2647d965074898dc9bbeaa7b05258cc2e40410bfab66d461b77e0c280def0b4 | Triage

Sharing

General

Target

53ca2fce680f9eb60a14c0553075a4a0_NeikiAnalytics.exe
Size

17KB
Sample

240604-ycmv6ahh85
MD5

53ca2fce680f9eb60a14c0553075a4a0
SHA1

223d9b6e8cc924acb8b10d4c3f156871cff83d51
SHA256

f2647d965074898dc9bbeaa7b05258cc2e40410bfab66d461b77e0c280def0b4
SHA512

c9f03498777cef3470292befdabf5af1db81b28c628a98d5941e95331a9f447dcc9163d063a48fdca55bfb59fd09bcfcd18f9bcdbeb56378bb4f78f5cf8a9bee
SSDEEP

384:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/a79:IMAQ+BzWPEwnE+KHM2/a79

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  53ca2fce680f9eb60a14c0553075a4a0_NeikiAnalytics.exe
- Size
  
  17KB
- MD5
  
  53ca2fce680f9eb60a14c0553075a4a0
- SHA1
  
  223d9b6e8cc924acb8b10d4c3f156871cff83d51
- SHA256
  
  f2647d965074898dc9bbeaa7b05258cc2e40410bfab66d461b77e0c280def0b4
- SHA512
  
  c9f03498777cef3470292befdabf5af1db81b28c628a98d5941e95331a9f447dcc9163d063a48fdca55bfb59fd09bcfcd18f9bcdbeb56378bb4f78f5cf8a9bee
- SSDEEP
  
  384:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/a79:IMAQ+BzWPEwnE+KHM2/a79
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer