General

  • Target

    0af5310d2f8746d76f045693b422d4a0_NeikiAnalytics.exe

  • Size

    294KB

  • Sample

    240616-z43lcsycja

  • MD5

    0af5310d2f8746d76f045693b422d4a0

  • SHA1

    c3470b1bdc18c416b65a14e726b173d5775cb8aa

  • SHA256

    06aa99d9298a390da5567b786f7273ea4084db9187172445a048de0587a0f9a1

  • SHA512

    3818fa57abdad0b58141a03985f4a3396ec63e0bf755f122a6cb0c0951288467cf292689385be878c3b09c3783616c11c8a8a88773da5dc421877cdb4c225ba6

  • SSDEEP

    6144:keC4EwZFoobUk8qp0qpgl8E1P+tnSj8XTo:wfhug8EotbDo

Targets

    • Target

      0af5310d2f8746d76f045693b422d4a0_NeikiAnalytics.exe

    • Modifies Windows Defender Real-time Protection settings

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
