General
-
Target
4eed8777402bba9ed5400fbd6f420910_NeikiAnalytics.exe
-
Size
520KB
-
Sample
240607-mpgzwsfh76
-
MD5
4eed8777402bba9ed5400fbd6f420910
-
SHA1
2cc3bc0b52ffefb98fa14eaa4fb9113f5aa7db27
-
SHA256
139c2245e8847acdef08ce8bc768470c27796d0c5b8de957893db36beae5705f
-
SHA512
a467edf6db9e8db84b05e2868030397874b80836453e9e5cad49565f28fabec71b5968201715008ff912ea8d332f5fee707cc0734a194e945abad2065573823a
-
SSDEEP
12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioX5:zW6ncoyqOp6IsTl/mX5
Malware Config
Targets
-
-
Target
4eed8777402bba9ed5400fbd6f420910_NeikiAnalytics.exe
-
Size
520KB
-
MD5
4eed8777402bba9ed5400fbd6f420910
-
SHA1
2cc3bc0b52ffefb98fa14eaa4fb9113f5aa7db27
-
SHA256
139c2245e8847acdef08ce8bc768470c27796d0c5b8de957893db36beae5705f
-
SHA512
a467edf6db9e8db84b05e2868030397874b80836453e9e5cad49565f28fabec71b5968201715008ff912ea8d332f5fee707cc0734a194e945abad2065573823a
-
SSDEEP
12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioX5:zW6ncoyqOp6IsTl/mX5
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1