General

  • Target

    03d3867b8e02564f65da04d2c0846650_NeikiAnalytics.exe

  • Size

    2.7MB

  • Sample

    240608-2pg28ahe4z

  • MD5

    03d3867b8e02564f65da04d2c0846650

  • SHA1

    c03424b0f316a0621204b9b4c0d8aa915207e2db

  • SHA256

    7787cfce384d92ad259bdd395df57107e05d874390df3282dd7a5f7b6f1f38b7

  • SHA512

    d1d2b30d52034a2f44c4ce357fbb835d8d41456faaf4ca3c85244bbd93c537cc1ff707c27da4dadd951c735bc40ab9cd7defc499654d1a42c6d9273e48ed62a3

  • SSDEEP

    49152:VOzBOauT0i7ZSQcCG1+bLthSo9/ktjPf4EXzwgb+LquT05H:VOzaT00zcC8ahhSo9sRf44z1/5H

Malware Config

Targets

    • Target

      03d3867b8e02564f65da04d2c0846650_NeikiAnalytics.exe

    • Size

      2.7MB

    • MD5

      03d3867b8e02564f65da04d2c0846650

    • SHA1

      c03424b0f316a0621204b9b4c0d8aa915207e2db

    • SHA256

      7787cfce384d92ad259bdd395df57107e05d874390df3282dd7a5f7b6f1f38b7

    • SHA512

      d1d2b30d52034a2f44c4ce357fbb835d8d41456faaf4ca3c85244bbd93c537cc1ff707c27da4dadd951c735bc40ab9cd7defc499654d1a42c6d9273e48ed62a3

    • SSDEEP

      49152:VOzBOauT0i7ZSQcCG1+bLthSo9/ktjPf4EXzwgb+LquT05H:VOzaT00zcC8ahhSo9sRf44z1/5H

    • Modifies visiblity of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks