e0109d77da859bf3b16d3b64f1c34d10015876f39da7ceb6d31ac103a3e2090b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7177ea36eb9e52db12b966d95a7cac80_NeikiAnalytics.exe
Size

4.2MB
Sample

240613-lpmdyatbne
MD5

7177ea36eb9e52db12b966d95a7cac80
SHA1

572e88c3cc0fc61db19dbb7cbfa96df66bf9a348
SHA256

e0109d77da859bf3b16d3b64f1c34d10015876f39da7ceb6d31ac103a3e2090b
SHA512

8332565adf132c59ed20206b57144b9915e605756f9580ccc0b948390e9b1446dfe3470c006457127711510bfeec6e28fbb0d670ed6662239ecdb959a8027576
SSDEEP

98304:75tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyEe:QssbCGo3yW8dLfZeNjR2e

Score

6^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  7177ea36eb9e52db12b966d95a7cac80_NeikiAnalytics.exe
- Size
  
  4.2MB
- MD5
  
  7177ea36eb9e52db12b966d95a7cac80
- SHA1
  
  572e88c3cc0fc61db19dbb7cbfa96df66bf9a348
- SHA256
  
  e0109d77da859bf3b16d3b64f1c34d10015876f39da7ceb6d31ac103a3e2090b
- SHA512
  
  8332565adf132c59ed20206b57144b9915e605756f9580ccc0b948390e9b1446dfe3470c006457127711510bfeec6e28fbb0d670ed6662239ecdb959a8027576
- SSDEEP
  
  98304:75tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyEe:QssbCGo3yW8dLfZeNjR2e
Score

6^/10

evasion persistence trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan