Overview

overview

10

Static

static

3

b8061dcf4b...cs.exe

windows7-x64

10

b8061dcf4b...cs.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    b8061dcf4b55a0d745e6113cb63ad750_NeikiAnalytics.exe

  • Size

    520KB

  • Sample

    240614-mha8rszgqk

  • MD5

    b8061dcf4b55a0d745e6113cb63ad750

  • SHA1

    474d51150a862cf210f6b2e175b2ed41385957ae

  • SHA256

    4cdd09eb4865cdf8b9366b97da5a46f5d1c5e66506f0f04fca1569c5ef5366e0

  • SHA512

    278a994f5971fb5cb6799766ecae9d9beade38e31e75117b6698b07d34ab0129eb4f1ef7bfb85a3764d4a64c280456ad240365a94c57e550f3570d77d0faeef8

  • SSDEEP

    12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXr:zW6ncoyqOp6IsTl/mXr

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      b8061dcf4b55a0d745e6113cb63ad750_NeikiAnalytics.exe

    • Size

      520KB

    • MD5

      b8061dcf4b55a0d745e6113cb63ad750

    • SHA1

      474d51150a862cf210f6b2e175b2ed41385957ae

    • SHA256

      4cdd09eb4865cdf8b9366b97da5a46f5d1c5e66506f0f04fca1569c5ef5366e0

    • SHA512

      278a994f5971fb5cb6799766ecae9d9beade38e31e75117b6698b07d34ab0129eb4f1ef7bfb85a3764d4a64c280456ad240365a94c57e550f3570d77d0faeef8

    • SSDEEP

      12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXr:zW6ncoyqOp6IsTl/mXr

    Score
    10/10
    evasionpersistence

    • Modifies firewall policy service

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks