General

  • Target

    2690bc6ffdd94bf7f8cdacb3bea2c620_NeikiAnalytics.exe

  • Size

    299KB

  • Sample

    240617-a1chbswcmg

  • MD5

    2690bc6ffdd94bf7f8cdacb3bea2c620

  • SHA1

    2b54a32f5bda35354044b9e5ac5d5c78bf45d699

  • SHA256

    6afc188e412bb427c3d37068ca794d2a25278bffbba68ee42a038110079f5fbd

  • SHA512

    160428b1c9a8e07058eebcdb885399f16402b36e2cb603d54144ff9a37e9ca6046333b9b25f03de872c55f31d9510a8105facf70e02aba613ebef9c1b7fde411

  • SSDEEP

    6144:keC4EwZFoobUk8qp0qpgl8E1P+t4I1fV1w:wfhug8Eot4I3O

Targets

    • Target

      2690bc6ffdd94bf7f8cdacb3bea2c620_NeikiAnalytics.exe

    • Modifies Windows Defender Real-time Protection settings

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
