c6b30c897a9bbb27931f6cd86899bcca9771725e32c64c9a19bf42f05015e28d | Triage

Sharing

General

Target

13054b05a517cffc488d12179795a030_NeikiAnalytics.exe
Size

9.6MB
Sample

240610-pe6xdaae4v
MD5

13054b05a517cffc488d12179795a030
SHA1

f7efe0f92eee73bef2f14d17e3289bd183fda9fe
SHA256

c6b30c897a9bbb27931f6cd86899bcca9771725e32c64c9a19bf42f05015e28d
SHA512

772e254b64b27d2360ba8eb7dd85f7c5c4034b4b9a42c1da9b341f1612bd1aebd1f782299b6a5b476c5053209224f549eaacbd346351418304edd3eab1ce75b5
SSDEEP

196608:2BL9GJwtw5SC6E0MhCUBTX1QFhjwt25HnuwfBck+p2s+u+1yIOK:zwt+SCZlAQOHuwpM2s+f

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  13054b05a517cffc488d12179795a030_NeikiAnalytics.exe
- Size
  
  9.6MB
- MD5
  
  13054b05a517cffc488d12179795a030
- SHA1
  
  f7efe0f92eee73bef2f14d17e3289bd183fda9fe
- SHA256
  
  c6b30c897a9bbb27931f6cd86899bcca9771725e32c64c9a19bf42f05015e28d
- SHA512
  
  772e254b64b27d2360ba8eb7dd85f7c5c4034b4b9a42c1da9b341f1612bd1aebd1f782299b6a5b476c5053209224f549eaacbd346351418304edd3eab1ce75b5
- SSDEEP
  
  196608:2BL9GJwtw5SC6E0MhCUBTX1QFhjwt25HnuwfBck+p2s+u+1yIOK:zwt+SCZlAQOHuwpM2s+f
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2