General

  • Target

    9f488a3f90063d98208e4c94aeaca7e0_NeikiAnalytics.exe

  • Size

    78KB

  • Sample

    240614-d7sdxaterg

  • MD5

    9f488a3f90063d98208e4c94aeaca7e0

  • SHA1

    8eb89e8c1d93566f060ea36f5bd6c4df30c0143d

  • SHA256

    06737105b6903d6e610b7998891969475235ffe7af6f9dd1e417c365720c4f4c

  • SHA512

    fa931acfc1d50c7dd2376a47ea921712fb7b568b77c96a6e49d3001173840a80dbca1d3122894ef28a11e5b5b1b5b1f6098703612c04ad849fbd0fda9d8fedcc

  • SSDEEP

    768:RpQNwC3BEddsEqOt/hyJF+x3BEJwRrPHisKl4qh2:7eTce/U/hKYuKPHisKldh2

Targets

    • Modifies visibility of file extensions in Explorer

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15