General

  • Target

    0264c9b98a41b2a5da45dddb5b325630_NeikiAnalytics.exe

  • Size

    2.5MB

  • Sample

    240611-zrnaxa1fnc

  • MD5

    0264c9b98a41b2a5da45dddb5b325630

  • SHA1

    ee773bc961df60e4f1b341aedf290c2fba50a454

  • SHA256

    d904cccee21c9468f5ee7be847c1bd7e09b91f58b594d946547d278b6bdce149

  • SHA512

    f37c519a4abcfd2fd3a8f4b7eb33e7d621670743a4b06b3e22728a3457559c09fba9668ff5a326d1ab6026e37901ed6b133ef84757ad6d850e58def5f44aee33

  • SSDEEP

    49152:MxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxw:Mxx9NUFkQx753uWuCyyxw

Malware Config

Targets

    • Target

      0264c9b98a41b2a5da45dddb5b325630_NeikiAnalytics.exe

    • Size

      2.5MB

    • MD5

      0264c9b98a41b2a5da45dddb5b325630

    • SHA1

      ee773bc961df60e4f1b341aedf290c2fba50a454

    • SHA256

      d904cccee21c9468f5ee7be847c1bd7e09b91f58b594d946547d278b6bdce149

    • SHA512

      f37c519a4abcfd2fd3a8f4b7eb33e7d621670743a4b06b3e22728a3457559c09fba9668ff5a326d1ab6026e37901ed6b133ef84757ad6d850e58def5f44aee33

    • SSDEEP

      49152:MxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxw:Mxx9NUFkQx753uWuCyyxw

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks