General

  • Target

    159b0fd854604dd4f1fb3e8b59e09ac0_NeikiAnalytics.exe

  • Size

    67KB

  • Sample

    240612-b4b7eayakh

  • MD5

    159b0fd854604dd4f1fb3e8b59e09ac0

  • SHA1

    f6778e85ddc6b1b9558b8c554d69c295cf392aa2

  • SHA256

    fdb06c722e641250c2f6f83f57f59957cacc56127d6b47f860ed00abc80e476a

  • SHA512

    5ba3c27af7ffddc7781ed5b447a2fa65b941260aa74cd861f713cdf9a6c7c3f93f27905382468953396e1ba08dda144d2bf9c956348d51f1fb4e631334105902

  • SSDEEP

    768:ua4r+PpHfXGLOnNh8noR+Dk6SLhmVGj3y6SLhmVGj3E/:2r+Fuc5LhmkjC5LhmkjG

Score
8/10
upx

Malware Config

Targets

    • Target

      159b0fd854604dd4f1fb3e8b59e09ac0_NeikiAnalytics.exe
    Score
    8/10
    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary appear validly signed.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (the sample behaves differently depending on the configured region).

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (section names and markers may be altered, so more than one indicator is checked).

    • Drops desktop.ini file(s)

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
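The "UPX packed file" signature above boils down to three static checks an analyst would otherwise run by hand. The script below is an added example, not code from the sandbox or from this report: it walks the PE section table for the UPX0/UPX1/UPX2 names, looks for the "UPX!" marker that stock UPX leaves in the header area, and measures the entropy of the largest section (compressed payloads sit near 8 bits per byte). The PE images it tests are constructed in memory so it runs offline; they are not the report's sample, and the two-of-three scoring rule is the author's assumption, not the sandbox's.

```python
"""Static check for UPX-style packing in a PE file.

Added example for the "UPX packed file" signature; not code from the
sandbox or the report. The PE images below are constructed in memory so
the script runs offline; they are not the report's sample.
"""
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MARKER = b"UPX!"


def parse_sections(data: bytes):
    """Return [(name, pointer_to_raw_data, size_of_raw_data)] from the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # section table follows the optional header
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, raw_ptr, raw_size))
    return sections


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes) -> dict:
    sections = parse_sections(data)
    largest = max(sections, key=lambda s: s[2], default=None)
    payload = data[largest[1]:largest[1] + largest[2]] if largest else b""
    return {
        "sections": [s[0] for s in sections],
        "upx_names": any(s[0] in UPX_SECTION_NAMES for s in sections),
        "upx_marker": UPX_MARKER in data,      # a modified build may rename sections yet keep this
        "high_entropy": entropy(payload) > 7.0,
    }


def is_probably_upx(data: bytes) -> bool:
    """Section names alone are conclusive; otherwise require two of the three signals (assumed rule)."""
    ind = upx_indicators(data)
    score = sum((ind["upx_names"], ind["upx_marker"], ind["high_entropy"]))
    return ind["upx_names"] or score >= 2


def build_fake_pe(sections, trailer=b"") -> bytes:
    """Construct a minimal PE32 image (test input only, not a runnable executable)."""
    mz = bytearray(64)
    mz[:2] = b"MZ"
    struct.pack_into("<I", mz, 0x3C, 64)                 # PE header right after the DOS header
    opt_size = 224                                         # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    table, body = bytearray(), bytearray()
    raw_base = 64 + 4 + 20 + opt_size + 40 * len(sections) + len(trailer)
    for name, raw in sections:
        hdr = bytearray(40)
        hdr[:8] = name.ljust(8, b"\0")
        struct.pack_into("<IIII", hdr, 8, len(raw), 0x1000, len(raw), raw_base + len(body))
        table += hdr
        body += raw
    return bytes(mz) + b"PE\0\0" + coff + bytes(opt_size) + bytes(table) + trailer + bytes(body)


# Constructed inputs: a UPX-like layout with an incompressible payload section, and a plain one.
PACKED = build_fake_pe(
    [(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 16), (b".rsrc", bytes(512))],
    trailer=b"UPX!\x0d\x09\x02\x0a",                       # stand-in for the UPX info block
)
PLAIN = build_fake_pe([(b".text", bytes(4096)), (b".data", bytes(512))])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("plain", PLAIN)):
        print(label, upx_indicators(blob), "-> UPX" if is_probably_upx(blob) else "-> not UPX")
```

Point `parse_sections` at the bytes of a real file to triage it; if the names are renamed but the marker and the entropy both trip, treat it as a modified UPX build and unpack it dynamically rather than with the stock `upx -d`.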
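For the "Drops autorun.inf file" signature, the thing an incident responder wants is a quick way to read an autorun.inf recovered from an attached volume and see what it would launch. The script below is an added example, not code from the sandbox or from this report: it parses the file tolerantly (worm-written files are often padded with junk lines to throw off signature scanners), lists every directive that executes something when the volume is opened, and flags the usual tells. The autorun.inf it parses is constructed for the example and is not the file dropped by the report's sample; the "hiding spot" folder names and the findings wording are the author's choices.

```python
"""Triage an autorun.inf recovered from a removable volume.

Added example for the "Drops autorun.inf file" signature; not code from
the sandbox or the report. SAMPLE below is constructed for the example.
"""

LAUNCH_KEYS = {"open", "shellexecute"}
# Folders USB worms commonly drop their copy into (assumed list, extend as needed).
HIDING_SPOTS = ("recycler", "$recycle.bin", "system volume information")


def parse_autorun(text: str) -> dict:
    """Return {section: {key: value}} with names lowercased; blank, comment and junk lines are skipped."""
    result, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            result.setdefault(section, {})
        elif "=" in line and section is not None:
            key, _, value = line.partition("=")
            result[section][key.strip().lower()] = value.strip()
    return result


def launch_targets(text: str) -> list:
    """(directive, value) pairs that run on AutoRun or when the drive is opened from its context menu."""
    cfg = parse_autorun(text).get("autorun", {})
    return [
        (key, value)
        for key, value in cfg.items()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
    ]


def findings(text: str) -> list:
    """Human-readable reasons this autorun.inf looks like worm persistence (empty list if none)."""
    out = []
    cfg = parse_autorun(text).get("autorun", {})
    for key, value in launch_targets(text):
        target = value.split()[0].strip('"') if value.split() else ""
        out.append(f"{key}= launches {target}")
        if any(spot in target.lower() for spot in HIDING_SPOTS):
            out.append(f"{key}= target is tucked into a system folder: {target}")
    # Worms copy Explorer's own prompt text so the user picks the malicious entry without noticing.
    if cfg.get("action", "").lower().startswith("open folder"):
        out.append("action= text mimics Explorer's 'Open folder to view files' entry")
    if "shell32.dll" in cfg.get("icon", "").lower():
        out.append("icon= points at shell32.dll, a common way to make the drive look like an ordinary folder")
    return out


# Constructed sample modelled on the layout of USB worm autorun files (not the report's file).
SAMPLE = r"""
;;;junk padding lines are common;;;
[autorun]
open=RECYCLER\S-1-5-21-1482476501\boot.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
shell\open\command=RECYCLER\S-1-5-21-1482476501\boot.exe
shell\explore\command=RECYCLER\S-1-5-21-1482476501\boot.exe
action=Open folder to view files
"""

if __name__ == "__main__":
    for line in findings(SAMPLE):
        print(line)
```

Run it against `X:\autorun.inf` from a mounted image by reading the file with `errors="ignore"`; the launch targets it prints are the paths to pull for hashing and comparison with the dropped files listed in the report.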

MITRE ATT&CK Enterprise v15

Tasks