General

  • Target

    39d5c426fc34140151b2924249d9b520_NeikiAnalytics.exe

  • Size

    3.1MB

  • Sample

    240612-pgcfjsyaql

  • MD5

    39d5c426fc34140151b2924249d9b520

  • SHA1

    f0f7778d3d3b7381eaed0aee534671294e9d87bc

  • SHA256

    991bdde3a97160b54579ed6e657b60d664d4349d27d665d5142f678202b1a14f

  • SHA512

    bbdb1368a735452d08ac1a4971df6e24bb31f166871c64ebb731a6821b6f83ac4ca74ed4f7dbb49343393e9a7b03053e212dba09a1fa8e364aad0c5c6578d600

  • SSDEEP

    98304:LKaKWQckVgtev5mnlNLE56hxvWbrtUTrUHOs:pKWQc0gEYnvLE8x+NcIOs

Targets

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
