General
-
Target
0c85b51796bbcb44fcdfa8df7c3ffba0_NeikiAnalytics.exe
-
Size
2.5MB
-
Sample
240610-j59s3afa37
-
MD5
0c85b51796bbcb44fcdfa8df7c3ffba0
-
SHA1
7d1b9222f30393aba331afceb049b6435f37f332
-
SHA256
9fa1a81e37146916edad5368ca2359205016b20ae2f8fff9de1f8e9a8956ec92
-
SHA512
96ce741b6feca2972086d969116d08245de52ff505539cc62c1583d9675e3efb6198a6051ba69b9eac141c33e3380fa83097c041e8d134fb410b588104218f54
-
SSDEEP
49152:MxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxg:Mxx9NUFkQx753uWuCyyxg
Behavioral task
behavioral1
Sample
0c85b51796bbcb44fcdfa8df7c3ffba0_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0c85b51796bbcb44fcdfa8df7c3ffba0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
0c85b51796bbcb44fcdfa8df7c3ffba0_NeikiAnalytics.exe
-
Size
2.5MB
-
MD5
0c85b51796bbcb44fcdfa8df7c3ffba0
-
SHA1
7d1b9222f30393aba331afceb049b6435f37f332
-
SHA256
9fa1a81e37146916edad5368ca2359205016b20ae2f8fff9de1f8e9a8956ec92
-
SHA512
96ce741b6feca2972086d969116d08245de52ff505539cc62c1583d9675e3efb6198a6051ba69b9eac141c33e3380fa83097c041e8d134fb410b588104218f54
-
SSDEEP
49152:MxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxg:Mxx9NUFkQx753uWuCyyxg
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Virtualization/Sandbox Evasion
1