General

  • Target

    31abf0d7ceac372deda48fec3bcaa040_NeikiAnalytics.exe

  • Size

    194KB

  • Sample

    240612-l5lsca1amd

  • MD5

    31abf0d7ceac372deda48fec3bcaa040

  • SHA1

    dc0417d03a1e5969b2b14ba45e9b9c57bb65194a

  • SHA256

    07718a4bb056acae45e7e77032fc1f47b382a484d2da1dd442648c6b2905532c

  • SHA512

    eb68b212229e0db9bf2ecd07ec14279db6ef341df32d18a878ac66adf8c88c662a8121fe4139722207476ccb408793d913735417fbe5de425f91deb9c8ae527a

  • SSDEEP

    6144:jkPo4hRhHBByiteijtdMeCQAHYSSXvS/rtj:jkPo4DhHT/tgHVSX0Z

Malware Config

Targets

    • Target

      31abf0d7ceac372deda48fec3bcaa040_NeikiAnalytics.exe

    • Size

      194KB

    • MD5

      31abf0d7ceac372deda48fec3bcaa040

    • SHA1

      dc0417d03a1e5969b2b14ba45e9b9c57bb65194a

    • SHA256

      07718a4bb056acae45e7e77032fc1f47b382a484d2da1dd442648c6b2905532c

    • SHA512

      eb68b212229e0db9bf2ecd07ec14279db6ef341df32d18a878ac66adf8c88c662a8121fe4139722207476ccb408793d913735417fbe5de425f91deb9c8ae527a

    • SSDEEP

      6144:jkPo4hRhHBByiteijtdMeCQAHYSSXvS/rtj:jkPo4DhHT/tgHVSX0Z

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (63) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks