bed0368aad6f2dd8cc6c15bfe538b4c87997c79ff4873d47b2a6f2f292cff3ec | Triage

Sharing

General

Target

5e1c8de89597847d39f9443b7bd03160_NeikiAnalytics.exe
Size

2.6MB
Sample

240613-e1h3bsxfqm
MD5

5e1c8de89597847d39f9443b7bd03160
SHA1

d10c16c03ba59aeb9a0b2d4fc5d9e4bae428ff53
SHA256

bed0368aad6f2dd8cc6c15bfe538b4c87997c79ff4873d47b2a6f2f292cff3ec
SHA512

b6f4d75a44e3d23666e3fd8f6b27255771869f6bf015a837289602ae31df63c818a8f3f352b6e322352f3d78f6e0c070fbbc45c9a4aed926168331dba444a756
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBaB/bS:sxX7QnxrloE5dpUptb

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  5e1c8de89597847d39f9443b7bd03160_NeikiAnalytics.exe
- Size
  
  2.6MB
- MD5
  
  5e1c8de89597847d39f9443b7bd03160
- SHA1
  
  d10c16c03ba59aeb9a0b2d4fc5d9e4bae428ff53
- SHA256
  
  bed0368aad6f2dd8cc6c15bfe538b4c87997c79ff4873d47b2a6f2f292cff3ec
- SHA512
  
  b6f4d75a44e3d23666e3fd8f6b27255771869f6bf015a837289602ae31df63c818a8f3f352b6e322352f3d78f6e0c070fbbc45c9a4aed926168331dba444a756
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBaB/bS:sxX7QnxrloE5dpUptb
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer