General

  • Target

    18cc215341cc43a9614efe79d0222980_NeikiAnalytics.exe

  • Size

    289KB

  • Sample

    240616-2ynlcswfnk

  • MD5

    18cc215341cc43a9614efe79d0222980

  • SHA1

    807f1d259845b7586d8b20eacc22ced9afcaf2dc

  • SHA256

    bf2cb5bf8a90a8a792e5d5cb56048080dc038c6dc7b9f6f2e41e26aaafdfdea8

  • SHA512

    3f0355436eba26e74a1c7a99d241ce2a586abe620c01ada720f62caf5d1c8dc0cad648c82cf797f14073cf0564f9aed072030c441aee0d93226d94daecd166df

  • SSDEEP

    3072:sr85CrGyzlMoDNoq7ZlQ18geiZE1Jk+ibqB82MdYQrYnfryHhqBnKuo:k9rGyzlM/rpeiZpywY5Kq0uo

Malware Config

Targets

    • Target

      18cc215341cc43a9614efe79d0222980_NeikiAnalytics.exe

    • Size

      289KB

    • MD5

      18cc215341cc43a9614efe79d0222980

    • SHA1

      807f1d259845b7586d8b20eacc22ced9afcaf2dc

    • SHA256

      bf2cb5bf8a90a8a792e5d5cb56048080dc038c6dc7b9f6f2e41e26aaafdfdea8

    • SHA512

      3f0355436eba26e74a1c7a99d241ce2a586abe620c01ada720f62caf5d1c8dc0cad648c82cf797f14073cf0564f9aed072030c441aee0d93226d94daecd166df

    • SSDEEP

      3072:sr85CrGyzlMoDNoq7ZlQ18geiZE1Jk+ibqB82MdYQrYnfryHhqBnKuo:k9rGyzlM/rpeiZpywY5Kq0uo

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

1
T1005

Tasks