Overview

overview

7

Static

static

7

15abb11e27...cs.exe

windows7-x64

7

15abb11e27...cs.exe

windows10-2004-x64

7

$APPDATA/M...efs.js

windows7-x64

3

$APPDATA/M...efs.js

windows10-2004-x64

3

$APPDATA/M...rap.js

windows7-x64

3

$APPDATA/M...rap.js

windows10-2004-x64

3

$APPDATA/M...ain.js

windows7-x64

3

$APPDATA/M...ain.js

windows10-2004-x64

3

$APPDATA/M...ain.js

windows7-x64

3

$APPDATA/M...ain.js

windows10-2004-x64

3

$APPDATA/M...-ki.js

windows7-x64

3

$APPDATA/M...-ki.js

windows10-2004-x64

3

$APPDATA/M...-ki.js

windows7-x64

3

$APPDATA/M...-ki.js

windows10-2004-x64

3

$APPDATA/M...-ki.js

windows7-x64

3

$APPDATA/M...-ki.js

windows10-2004-x64

3

$APPDATA/M...mod.js

windows7-x64

3

$APPDATA/M...mod.js

windows10-2004-x64

3

$APPDATA/M...est.js

windows7-x64

3

$APPDATA/M...est.js

windows10-2004-x64

3

$APPDATA/M...abs.js

windows7-x64

3

$APPDATA/M...abs.js

windows10-2004-x64

3

$APPDATA/M...ers.js

windows7-x64

3

$APPDATA/M...ers.js

windows10-2004-x64

3

$APPDATA/M...ows.js

windows7-x64

3

$APPDATA/M...ows.js

windows10-2004-x64

3

$APPDATA/M...til.js

windows7-x64

3

$APPDATA/M...til.js

windows10-2004-x64

3

$APPDATA/M...til.js

windows7-x64

3

$APPDATA/M...til.js

windows10-2004-x64

3

$APPDATA/M...til.js

windows7-x64

3

$APPDATA/M...til.js

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    15abb11e275069e37e687a7c12d204b0_NeikiAnalytics.exe

  • Size

    1.4MB

  • Sample

    240606-p3rglaed2x

  • MD5

    15abb11e275069e37e687a7c12d204b0

  • SHA1

    ea984e3812a23ad8ce732e3999d24261d362837b

  • SHA256

    e56690451a25a11f9baf661746830d50ab7610dbff08683737d81b3ef86121a1

  • SHA512

    faaf0699a215d7ef24ca7213bd467d4a62a28facf50070f6c261a9b0a5f0f0ebf6c2c3cb31c388b10f91841b5f4279cfa6cda1802e1412af00dc881bab5eb026

  • SSDEEP

    24576:pBhi+L6zmg0wdAS6ZsmpEuZHFHO3a6wolATE252KJoOBRri7UpiE52KJoWZKw/Ht:pe+L61dYrEupFu3/jlY2fO7e7y2fWZPl

Score
7/10
executionpersistenceupx

Malware Config

Targets

    • Target

      15abb11e275069e37e687a7c12d204b0_NeikiAnalytics.exe

    • Size

      1.4MB

    • MD5

      15abb11e275069e37e687a7c12d204b0

    • SHA1

      ea984e3812a23ad8ce732e3999d24261d362837b

    • SHA256

      e56690451a25a11f9baf661746830d50ab7610dbff08683737d81b3ef86121a1

    • SHA512

      faaf0699a215d7ef24ca7213bd467d4a62a28facf50070f6c261a9b0a5f0f0ebf6c2c3cb31c388b10f91841b5f4279cfa6cda1802e1412af00dc881bab5eb026

    • SSDEEP

      24576:pBhi+L6zmg0wdAS6ZsmpEuZHFHO3a6wolATE252KJoOBRri7UpiE52KJoWZKw/Ht:pe+L61dYrEupFu3/jlY2fO7e7y2fWZPl

    Score
    7/10
    persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/defaults/preferences/prefs.js

    • Size

      135B

    • MD5

      9eac1a7b336dc8dc5f91e006f392bd78

    • SHA1

      9f7da5a55ebf1f18fb25748ed00b1a21157702ac

    • SHA256

      5b1de496de918ee5985dd755be8f182429d2001b7b5078dcbbd00c18c2892a8f

    • SHA512

      6b13c8632f69ab56b59b9af27366ae01173d15db0b9f261a78d8b9273a47ccd556013fa177c2fd217f8d65120d08ebeab273e836ec9cd2cc0854800e40c4c44b

    Score
    3/10
    execution
    behavioral3behavioral4

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/bootstrap.js

    • Size

      6KB

    • MD5

      da9481894c3b31c321922aaa00c4a5a1

    • SHA1

      bf06a5f4472cdde3a7f0b0e67c7fdc278bfe4b83

    • SHA256

      1a909c1b8347aa4d8a6087d90495d567936495107ac8895590545d7c45bb766f

    • SHA512

      6e3e1357370e56645c9672dd98e8ef956e4d5716a873912b7c2e721310ab6776755e26cd332792ba729eb8998ab5961aa462239f5208112ce1868297138e322d

    • SSDEEP

      192:Jc5TKrwMCSupJEin34IWYXMV2nU9fyaoP3xi9:yhKrwuMiYYCA63xi9

    Score
    3/10
    execution
    behavioral5behavioral6

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/resources/a/lib/.svn/text-base/main.js.svn-base

    • Size

      9KB

    • MD5

      6a0269fd452451789248823bf79200db

    • SHA1

      12cb4cb577769d470ff6dd234abb5739300ce6bc

    • SHA256

      e2440de1265ceb2fb9590943036fa571c0334819489888b43b351ad6d1d61b0a

    • SHA512

      e683da0fdc1ed72356d15e429708f45ccf9e1dbb08a1593d1f2314cc4f8d1278a359b699d7a97b73b5b5dafbcb3bfbd26b4cf6f3426d39b4136fe34b0e1b0606

    • SSDEEP

      192:4b3U1GM/f4ocRpVIbRybgMGyxOIq4sU+/oGIkUNk05RMFtSEyWOsyHKoGuZP:4bUwnVgykMGyxOIqnv/oGIkUNk0mSEyf

    Score
    3/10
    execution
    behavioral7behavioral8

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/resources/a/lib/main.js

    • Size

      5KB

    • MD5

      9322895ab780f0574027d204d2562452

    • SHA1

      f026a0ebf557a59d1c3fd08b6a001f93863267e9

    • SHA256

      9006336c9af5d1c1b289f70dc75a71fd15795609d9da90e614ed5458f1ba2c8a

    • SHA512

      0c7266ae60caa868d3b2392b2fb061a04e515c8e4d3958caf5542c96702e308477e34745005f1f7ea643a9e714d5f847aa7a9a97d7af590939dac160c4855678

    • SSDEEP

      96:GqtEIPXBOHxOmdv+RH1DmTVh687IUsvVGjHs9Q+KeXNfUzNeiIVcq/i3aVNDHL:GEEIPXBOHxOmdWIr0xv4jHs/Nf6NuceT

    Score
    3/10
    execution
    behavioral10behavioral9

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/resources/addon-kit/lib/.svn/text-base/page-mod.js.svn-base

    • Size

      10KB

    • MD5

      bcdbf826abb862884a14641e605e29e5

    • SHA1

      6ae81f555ca7c4086d9305dfc6d81e7476458ea2

    • SHA256

      49834272cb50937037b183f92dc45f14f2c66bd25d5af486021d92d44e2434ff

    • SHA512

      f40350c65c92038da23bf09d5ad43317cc908a51c979d65a870bcb8849f10e9d6f4913fc848bfab19ec79d819534a80be3697f37dfafab8b19725faeffb7289a

    • SSDEEP

      192:h1VcTUttmf/wgHFy90ubg+9HAyWawU778FODcaG8IM8GlX84NwgdcFvu7hw/Mld:DV/QXwgHE4GoUaP8IM88X2+ykd

    Score
    3/10
    execution
    behavioral11behavioral12

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/resources/addon-kit/lib/.svn/text-base/request.js.svn-base

    • Size

      6KB

    • MD5

      d573fe0af142dae54ab8119963c41656

    • SHA1

      afc471df1d69383dfd4c88fcd5f6adaf4966d738

    • SHA256

      3635ae58dcb3a406e25e5ad5dcd0d2ccbcd4ee3e7c4e713ea3934766c37c874c

    • SHA512

      229ec5bc3899f0135c8edf479f3a6ce1fe7cf383a422cf62eeacb95a671177fa314858b04471c63796c559218f9a7d30cd972095ec0b8aaa3c8f006b3e86f9be

    • SSDEEP

      192:A0XG0oAkD0FrvJZI33RVPH18kcWQONQ6X8ypuugRK0RWY:zXG0WQFzPqkhO26tw1

    Score
    3/10
    execution
    behavioral13behavioral14

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/resources/addon-kit/lib/.svn/text-base/windows.js.svn-base

    • Size

      7KB

    • MD5

      57431d3ca2379f4c225df402df34c691

    • SHA1

      59a4ce84d98408a91cdd05e1502bbfa10e16b98d

    • SHA256

      37a106d4911bf5f2f6ac0ed595a19e00a7ecb32a9dca5726afccca413d647b17

    • SHA512

      d75f28ea85cec3f4bc12b62e5d5ae87edb19c7041d944841e0ef44a803e3c71e2882a9f58db6b0f72876acda9836246245630effe24e353815447d335d14541c

    • SSDEEP

      192:ABCQ01stidNrvBS1udiFYax1NQVfOY3rZhccWyN:6PikFYacr

    Score
    3/10
    execution
    behavioral15behavioral16

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/resources/addon-kit/lib/page-mod.js

    • Size

      10KB

    • MD5

      bcdbf826abb862884a14641e605e29e5

    • SHA1

      6ae81f555ca7c4086d9305dfc6d81e7476458ea2

    • SHA256

      49834272cb50937037b183f92dc45f14f2c66bd25d5af486021d92d44e2434ff

    • SHA512

      f40350c65c92038da23bf09d5ad43317cc908a51c979d65a870bcb8849f10e9d6f4913fc848bfab19ec79d819534a80be3697f37dfafab8b19725faeffb7289a

    • SSDEEP

      192:h1VcTUttmf/wgHFy90ubg+9HAyWawU778FODcaG8IM8GlX84NwgdcFvu7hw/Mld:DV/QXwgHE4GoUaP8IM88X2+ykd

    Score
    3/10
    execution
    behavioral17behavioral18

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/resources/addon-kit/lib/request.js

    • Size

      6KB

    • MD5

      d573fe0af142dae54ab8119963c41656

    • SHA1

      afc471df1d69383dfd4c88fcd5f6adaf4966d738

    • SHA256

      3635ae58dcb3a406e25e5ad5dcd0d2ccbcd4ee3e7c4e713ea3934766c37c874c

    • SHA512

      229ec5bc3899f0135c8edf479f3a6ce1fe7cf383a422cf62eeacb95a671177fa314858b04471c63796c559218f9a7d30cd972095ec0b8aaa3c8f006b3e86f9be

    • SSDEEP

      192:A0XG0oAkD0FrvJZI33RVPH18kcWQONQ6X8ypuugRK0RWY:zXG0WQFzPqkhO26tw1

    Score
    3/10
    execution
    behavioral19behavioral20

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/resources/addon-kit/lib/tabs.js

    • Size

      1KB

    • MD5

      2dd3784d0d457a08182883cb2f00c11e

    • SHA1

      4052959c199186fbc81bf7cfde8b100548154289

    • SHA256

      aec1ebce533a99bbda9b5052e18346518702eb345b4f11a33636b03b312f78d7

    • SHA512

      b8d9e91cf393d028a293a7fa970722e102bf08afd1784c9c30e66e78b0d2390a6d7a40381e57aec0a9fa6c2c6f8640f757ad78c718fa07b9fec7286a5cbf2b91

    Score
    3/10
    execution
    behavioral21behavioral22

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/resources/addon-kit/lib/timers.js

    • Size

      346B

    • MD5

      d668411c44829573ac3419e5c43688c9

    • SHA1

      5b87fa7c424576c1cddd433477d62415a4ad57db

    • SHA256

      26bed37a039c6e1c4876048e5b5342c1569b9bee3daecb2cc904c93a26d94634

    • SHA512

      da814c8eae748ba5391933a376608da8fe979753a95fc0f398b817525f3c3bd28e2a47a9e14ab5953a3033d05e3a57b65d3ebf624b261184e4427c57f234f02f

    Score
    3/10
    execution
    behavioral23behavioral24

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/resources/addon-kit/lib/windows.js

    • Size

      7KB

    • MD5

      57431d3ca2379f4c225df402df34c691

    • SHA1

      59a4ce84d98408a91cdd05e1502bbfa10e16b98d

    • SHA256

      37a106d4911bf5f2f6ac0ed595a19e00a7ecb32a9dca5726afccca413d647b17

    • SHA512

      d75f28ea85cec3f4bc12b62e5d5ae87edb19c7041d944841e0ef44a803e3c71e2882a9f58db6b0f72876acda9836246245630effe24e353815447d335d14541c

    • SSDEEP

      192:ABCQ01stidNrvBS1udiFYax1NQVfOY3rZhccWyN:6PikFYacr

    Score
    3/10
    execution
    behavioral25behavioral26

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/resources/api-utils/lib/.svn/text-base/api-utils.js.svn-base

    • Size

      5KB

    • MD5

      f7f2dca1099de06ddddcb313ca85f808

    • SHA1

      85059c5bfff26451c356fe481c2e6be8ecff8256

    • SHA256

      18c9219edf012f4eb8a863139e640ea7a18817055d21a6086619d6aa08f2d887

    • SHA512

      0d4b9ae5b5b7b96877567373b69035a8393cf8a71a856dfe9b6b5cad1a3d88996bab7877549750ba6d2cf8b5313338f6c812f9cd2181321389241dbf58d2c220

    • SSDEEP

      96:hlbOVhm8dSh5v6YFp1iPr6cgqfUF2Si+/cAOUYIJE8XiKEsz:hlOVhxKiYFLiT6qUF2Si+UARYIJ1izg

    Score
    3/10
    execution
    behavioral27behavioral28

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/resources/api-utils/lib/.svn/text-base/base64.js.svn-base

    • Size

      1011B

    • MD5

      60be0c7604dd1606aca5c657f9ace926

    • SHA1

      d6baf483c73e281ef4a6960a92b5155701171527

    • SHA256

      43b63fc0aa3c6b884d1018410f5a3afee47cb220a70f0ce1c45ee154c44d0483

    • SHA512

      490d66cc6ecd250287d7557149f59f91a912857e99acd50ad597bb3d190649a7b7b87b81a05aaf78f18d24ed1ea820ba8e4eb7495303e1f6e00216f0d6215119

    Score
    3/10
    execution
    behavioral29behavioral30

    • Target

      $APPDATA/Mozilla/Firefox/Profiles/$1/extensions/[email protected]/resources/api-utils/lib/.svn/text-base/byte-streams.js.svn-base

    • Size

      2KB

    • MD5

      60dd55264e4c33956260654be4c839a5

    • SHA1

      a3f7ac2d310616d18515a651398787ec492d2a73

    • SHA256

      70fb9a7ec33b9dda9b70e0d5c6b0234362e30c35f269027269b54a1d6f130eea

    • SHA512

      915d2d3b75028bb5f6a98c2899a2c2dbdaee0e3ac8b33a6ae1832d84d502e0c28fe46c09e53ebb45b0c0788e0fcc0ca55fb353988cc17f3135325cedc51c0f43

    Score
    3/10
    execution
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

persistence
Score
7/10

behavioral2

persistence
Score
7/10

behavioral3

execution
Score
3/10

behavioral4

execution
Score
3/10

behavioral5

execution
Score
3/10

behavioral6

execution
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10