General

  • Target

    0c85b51796bbcb44fcdfa8df7c3ffba0_NeikiAnalytics.exe

  • Size

    2.5MB

  • Sample

    240610-j59s3afa37

  • MD5

    0c85b51796bbcb44fcdfa8df7c3ffba0

  • SHA1

    7d1b9222f30393aba331afceb049b6435f37f332

  • SHA256

    9fa1a81e37146916edad5368ca2359205016b20ae2f8fff9de1f8e9a8956ec92

  • SHA512

    96ce741b6feca2972086d969116d08245de52ff505539cc62c1583d9675e3efb6198a6051ba69b9eac141c33e3380fa83097c041e8d134fb410b588104218f54

  • SSDEEP

    49152:MxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxg:Mxx9NUFkQx753uWuCyyxg

Malware Config

Targets

    • Target

      0c85b51796bbcb44fcdfa8df7c3ffba0_NeikiAnalytics.exe

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks