General

  • Target

    05d0111438ca56e90e11127696e756f0_NeikiAnalytics.exe

  • Size

    3.8MB

  • Sample

    240617-1kcq9syhrn

  • MD5

    05d0111438ca56e90e11127696e756f0

  • SHA1

    41d214afbdc851b29a0b10e0c123d6de56e2f509

  • SHA256

    c377e4b82be71062a55e9df1c7a89126877f6419990db21aa4863d838b891be7

  • SHA512

    0acfaac07929ddf5bd39ac21664db4589c8cb5b9cd0742d93279751f737b8e8623fcc6ad5db5e909930a57779cdccfbdd96c0370baf4187eebd685ddccc30dc7

  • SSDEEP

    49152:GOG6bXfJFfq5nxDzFKEj13Qe95zBsrDvLlN1kjUSKVW4LGlJW6L8:GOXulzv13P5zuWjUSKVW4yeK8

Malware Config

Targets

    • Target

      05d0111438ca56e90e11127696e756f0_NeikiAnalytics.exe

    • Size

      3.8MB

    • MD5

      05d0111438ca56e90e11127696e756f0

    • SHA1

      41d214afbdc851b29a0b10e0c123d6de56e2f509

    • SHA256

      c377e4b82be71062a55e9df1c7a89126877f6419990db21aa4863d838b891be7

    • SHA512

      0acfaac07929ddf5bd39ac21664db4589c8cb5b9cd0742d93279751f737b8e8623fcc6ad5db5e909930a57779cdccfbdd96c0370baf4187eebd685ddccc30dc7

    • SSDEEP

      49152:GOG6bXfJFfq5nxDzFKEj13Qe95zBsrDvLlN1kjUSKVW4LGlJW6L8:GOXulzv13P5zuWjUSKVW4yeK8

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

1
T1005

Tasks