General

  • Target

    4bb16b57d0f1334f33eb68091c3feeb0_NeikiAnalytics.exe

  • Size

    239KB

  • Sample

    240605-kerp8sah6x

  • MD5

    4bb16b57d0f1334f33eb68091c3feeb0

  • SHA1

    199aea84c3ce3a59d5c6aca9bb4e8d8fdeb54e6a

  • SHA256

    9ba03c9e8dd89f22fa5ded2cc18c12b811276f2b06388e62f02c664f4427d967

  • SHA512

    f97708c717a514e978162c27f5df145c29d2a4faf6aa31ec2a687fce03c3634088219c971519eeb5fc1a0f9adeaa38f3a7a664039d2f7c8b24744fdbed67a755

  • SSDEEP

    3072:ng9OBT3Be2Q6khQiCCuefXxzk6iGcbPChEdGZFR2obD4CTvek5WNQp0qYutgxjSx:3eC4EwZFoobUk8qp0qpgBSx

Targets

    • Target

      4bb16b57d0f1334f33eb68091c3feeb0_NeikiAnalytics.exe

    • Modifies Windows Defender Real-time Protection settings

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
