General
-
Target
34ab17b9e55c2d7455f8ecd2ace39ee0_NeikiAnalytics.exe
-
Size
3.7MB
-
Sample
240611-pj5vwaxbqm
-
MD5
34ab17b9e55c2d7455f8ecd2ace39ee0
-
SHA1
599378b3d8723ba0d85a699fde05f71f003fac08
-
SHA256
e3bc4c659158e277c281c7b92dd928219080003f2dd45e666c18806110659255
-
SHA512
af0ed0a72acb1974244bda621f5f5a09a64c7fda477f92138142d26bb1d3c88822b12afc919be1ab8297d74efb781da4fc23306c817efd710acc4f284566d8e5
-
SSDEEP
98304:8vK8jFVPqKVj9nyCMa8Asdk+C3neFYaObK164jpw:8v1VCCB6dvMqbObK16ew
Malware Config
Targets
-
-
Target
34ab17b9e55c2d7455f8ecd2ace39ee0_NeikiAnalytics.exe
-
Size
3.7MB
-
MD5
34ab17b9e55c2d7455f8ecd2ace39ee0
-
SHA1
599378b3d8723ba0d85a699fde05f71f003fac08
-
SHA256
e3bc4c659158e277c281c7b92dd928219080003f2dd45e666c18806110659255
-
SHA512
af0ed0a72acb1974244bda621f5f5a09a64c7fda477f92138142d26bb1d3c88822b12afc919be1ab8297d74efb781da4fc23306c817efd710acc4f284566d8e5
-
SSDEEP
98304:8vK8jFVPqKVj9nyCMa8Asdk+C3neFYaObK164jpw:8v1VCCB6dvMqbObK16ew
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-