General

  • Target

    0ca3e8862c2d06ccd89fac9568c2d560_NeikiAnalytics.exe

  • Size

    2.6MB

  • Sample

    240609-dg89qscf6s

  • MD5

    0ca3e8862c2d06ccd89fac9568c2d560

  • SHA1

    42b649364a115921c72b897e6de60c492cc9b9e5

  • SHA256

    54128350e2fd22f81b22750204877d3cca6117841cc5ea56ab382d59cf14e1a9

  • SHA512

    b57b8a12bee5aee7720404c7e42000e6eb181169bb7f93f1902fb8293d6fe019714f8f3b8e1a1713853e84cff43248826e9874798425e4559dc3dfd50c87404c

  • SSDEEP

    49152:fXzhpDtKSK1cb8PGK+Tfuqmpc3elWo8GnQAsYZEVc:fXzhW148Pd+Tf1mpcOldJQ3/Vc

Malware Config

Targets

    • Target

      0ca3e8862c2d06ccd89fac9568c2d560_NeikiAnalytics.exe

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, a commercial Windows software protector. Protected code is unpacked only at run time, so static analysis of the on-disk binary sees little of the real payload.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
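
The report names the behaviours but not the artefacts behind them. As an added example, not part of the sandbox report, the Python below maps registry, file and native-API events onto the signature names listed above. The event records are constructed to resemble a monitor's log; the key paths are the well-known locations each check reads (the VBOX__ ACPI tables, the BIOS description key, EnableLUA, the Explorer Advanced values, the Run key) and are my assumption of what this sample touched, since the report does not list them. ThreadHideFromDebugger is THREADINFOCLASS 0x11 (17).

```python
"""
Added example (not part of the sandbox report): map monitor events onto the
behavioural signature names from the report. Event text is CONSTRUCTED in a
simple "kind:action:target" form; the registry paths are the well-known
locations each check reads, assumed here rather than taken from the report.
"""
import re
from typing import Dict, Iterable, List, Optional

# (signature name, pattern over the event text). Order matters only for
# readability; no event below matches more than one rule.
RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"^reg:.*\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^reg:.*\\HARDWARE\\DESCRIPTION\\System\\BIOS\\", re.I)),
    ("Checks whether UAC is enabled",
     re.compile(r"^reg:.*\\Policies\\System\\EnableLUA(=|$)", re.I)),
    ("Modifies visibility of hidden/system files in Explorer",
     re.compile(r"^reg:set:.*\\Explorer\\Advanced\\(Hidden|ShowSuperHidden)(=|$)", re.I)),
    ("Adds Run key to start application",
     re.compile(r"^reg:set:.*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    ("Drops file in System32 directory",
     re.compile(r"^file:create:C:\\Windows\\System32\\", re.I)),
    # THREADINFOCLASS ThreadHideFromDebugger == 0x11 == 17
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     re.compile(r"^api:NtSetInformationThread\b.*\bclass=(0x11|17)\b", re.I)),
]

# Constructed events (not from the report) in the order a run might log them.
SAMPLE_EVENTS = [
    r"reg:query:HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"reg:query:HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"reg:query:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
    r"api:NtSetInformationThread class=17",
    r"reg:set:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden=0",
    r"file:create:C:\Windows\System32\updater.exe",
    r"reg:set:HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater=C:\Windows\System32\updater.exe",
    # Benign read that matches no rule; it must not be reported.
    r"reg:query:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName",
]


def classify_event(event: str) -> Optional[str]:
    """Return the signature an event triggers, or None if it is unremarkable."""
    for name, pattern in RULES:
        if pattern.search(event):
            return name
    return None


def summarise(events: Iterable[str]) -> Dict[str, List[str]]:
    """Group triggering events by signature name; untriggered signatures are absent."""
    hits: Dict[str, List[str]] = {}
    for ev in events:
        name = classify_event(ev)
        if name is not None:
            hits.setdefault(name, []).append(ev)
    return hits


if __name__ == "__main__":
    for name, evs in summarise(SAMPLE_EVENTS).items():
        print(name)
        for ev in evs:
            print("   ", ev)
```

Each rule alone is noisy: installers and hardware-inventory tools read the BIOS key and EnableLUA, and plenty of legitimate software writes a Run value. What makes this report worth acting on is the combination: a Themida-packed binary that checks for VirtualBox and a debugger, drops and executes a second-stage EXE and DLL into System32, hides its files in Explorer and persists through the Run key.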

MITRE ATT&CK Enterprise v15

Tasks