General

  • Target

    63fde96eac03191bf374790eced53680_NeikiAnalytics.exe

  • Size

    4.8MB

  • Sample

    240613-gpydzswgpc

  • MD5

    63fde96eac03191bf374790eced53680

  • SHA1

    f9747b36da6618d0ba8042fed866aa0084f11439

  • SHA256

    d482f559d92bf17876e7f2e2ba9161b73f87ec545f57b2891797172f43b730dc

  • SHA512

    a7e6123789670160e02896e2b5d319c19e1db35041955b8f0df49133f3dcf517942b6d39647963fb6c0544094c5dc1351c2ce031a1943daf7ce22bf08692606c

  • SSDEEP

    49152:kVYcx4QL3hM7MJXTdRvaXxKnfNLz9AiAKiTC69av2/ko:BvQL3KMNTdRvaXsfNP9AiAvu69av2/ko

Malware Config

Targets

    • Target

      63fde96eac03191bf374790eced53680_NeikiAnalytics.exe

    • Size

      4.8MB

    • Modifies AppInit DLL entries

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
