General
Target: 03d3867b8e02564f65da04d2c0846650_NeikiAnalytics.exe
Size: 2.7MB
Sample: 240608-2pg28ahe4z
MD5: 03d3867b8e02564f65da04d2c0846650
SHA1: c03424b0f316a0621204b9b4c0d8aa915207e2db
SHA256: 7787cfce384d92ad259bdd395df57107e05d874390df3282dd7a5f7b6f1f38b7
SHA512: d1d2b30d52034a2f44c4ce357fbb835d8d41456faaf4ca3c85244bbd93c537cc1ff707c27da4dadd951c735bc40ab9cd7defc499654d1a42c6d9273e48ed62a3
SSDEEP: 49152:VOzBOauT0i7ZSQcCG1+bLthSo9/ktjPf4EXzwgb+LquT05H:VOzaT00zcC8ahhSo9sRf44z1/5H
Behavioral task: behavioral1
Sample: 03d3867b8e02564f65da04d2c0846650_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 03d3867b8e02564f65da04d2c0846650_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 03d3867b8e02564f65da04d2c0846650_NeikiAnalytics.exe
Score: 10/10
Modifies visibility of hidden/system files in Explorer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1
Defense Evasion
  Hide Artifacts: 1
  Hidden Files and Directories: 1
  Modify Registry: 2
  Virtualization/Sandbox Evasion: 1