General

  • Target

    6091e5353873fa898f5cafa67c92fb60_NeikiAnalytics.exe

  • Size

    3.6MB

  • Sample

    240613-fqcm8syerk

  • MD5

    6091e5353873fa898f5cafa67c92fb60

  • SHA1

    7bb67f0441e353bb5c438904e633c851ec6ee55f

  • SHA256

    3625cb99d6cc874905d717eaf39b0ec82eb5879c2c7258e7cae8f235934bc84a

  • SHA512

    fb3853bb96e3e5bf5dff733121c90204d193ed9c59fb60b17daf1bb9bf9adb49709a0139f3ecd43d09ee570b09b35bab77b98f239dc21589080454d749d9f766

  • SSDEEP

    98304:DJH+HcdirOAdSs8ObRL0KySbX+KEajWFS:DJHYWi5dSs8OV/7bX+MUS

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • Adds Run key to start application
