General

  • Target

    0cda5b9960b71d743623582c92573bd0_NeikiAnalytics.exe

  • Size

    2.7MB

  • Sample

    240610-knz3zafc67

  • MD5

    0cda5b9960b71d743623582c92573bd0

  • SHA1

    696f3197de3488a3abb866255c8555281f655e3f

  • SHA256

    29f1d4056930b018706dbf0ec9b6fedf29b50bdc96b758862e15caec9b5247b0

  • SHA512

    72f9f74f80365658c9e656f22e867ce47bee71abd83ce3e7cbb12005869cd7e130bffcba882d5851ee15c726a3300c55b85de2071ae00153b07aa7ffe26d23b8

  • SSDEEP

    49152:VtzBOauT0i7ZSQcCG1+bLthSo9/ktjPf4EXzwgb+LquT05P:VtzaT00zcC8ahhSo9sRf44z1/5P

Malware Config

Targets

    • Target

      0cda5b9960b71d743623582c92573bd0_NeikiAnalytics.exe

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks