3594bd084fb6ade084cbb35ab63898088e0efb0754e42c67713b70b7e36f6ee7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab261968ce7e90238fce8a8126552b50_NeikiAnalytics.exe
Size

78KB
Sample

240614-hs93mazaka
MD5

ab261968ce7e90238fce8a8126552b50
SHA1

3dcc27c114ebfa16c25bf76029833e73d0cfae0a
SHA256

3594bd084fb6ade084cbb35ab63898088e0efb0754e42c67713b70b7e36f6ee7
SHA512

9d7b867c3030bad01d8ef833cae568d6cdf094ebe56c5abc3efae67b75b9320a9fa111fb83586cdd6ffda0896d97bd4e06188cbecb8d8a600f247c726eee0eee
SSDEEP

768:hpQNwC3BEddsEqOt/hyJF+x3BEJwRrPHisKl4qhZ:reTce/U/hKYuKPHisKldhZ

Score

10^/10

evasion persistence spyware stealer

Malware Config

Targets

- Target
  
  ab261968ce7e90238fce8a8126552b50_NeikiAnalytics.exe
- Size
  
  78KB
- MD5
  
  ab261968ce7e90238fce8a8126552b50
- SHA1
  
  3dcc27c114ebfa16c25bf76029833e73d0cfae0a
- SHA256
  
  3594bd084fb6ade084cbb35ab63898088e0efb0754e42c67713b70b7e36f6ee7
- SHA512
  
  9d7b867c3030bad01d8ef833cae568d6cdf094ebe56c5abc3efae67b75b9320a9fa111fb83586cdd6ffda0896d97bd4e06188cbecb8d8a600f247c726eee0eee
- SSDEEP
  
  768:hpQNwC3BEddsEqOt/hyJF+x3BEJwRrPHisKl4qhZ:reTce/U/hKYuKPHisKldhZ
Score

10^/10

evasion persistence spyware stealer
- Modifies visibility of file extensions in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealer

behavioral2