General

  • Target

    20054a290f291507bf8d3cc0252d36a0_NeikiAnalytics.exe

  • Size

    89KB

  • Sample

    240616-3wkblathrb

  • MD5

    20054a290f291507bf8d3cc0252d36a0

  • SHA1

    d9c2f46f55b2ad9047c89f9203f6fddb1473443c

  • SHA256

    c04f1a93e06e98f38c007c109da1ca39b88c5a193e50eccc29a55496c798ab15

  • SHA512

    bbd269e186ef80b1780d7e787cf44781d2d4448ddb2280e36388f94d7a31140978d6a51d31911bc7719922fbaeea7e7b665c048ff3f311a4c6a709202f9052db

  • SSDEEP

    1536:JxqjQ+P04wsmJCLozkN7cixI/IqdM5RdJ5R3sozkt5RA3gw5q:sr85CLzo2qO7k/Igiq

Targets

    • Target

      20054a290f291507bf8d3cc0252d36a0_NeikiAnalytics.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family injects itself into other executable files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Event Triggered Execution (1): T1546
    Change Default File Association (1): T1546.001

  • Privilege Escalation

    Event Triggered Execution (1): T1546
    Change Default File Association (1): T1546.001

  • Defense Evasion

    Modify Registry (1): T1112

  • Credential Access

    Unsecured Credentials (1): T1552
    Credentials In Files (1): T1552.001

  • Discovery

    Query Registry (1): T1012
    System Information Discovery (2): T1082

  • Collection

    Data from Local System (1): T1005