General

  • Target

    334b0480723aa5fbfb305395696ced20_NeikiAnalytics.exe

  • Size

    6.7MB

  • Sample

    240617-cfgbwsyhmg

  • MD5

    334b0480723aa5fbfb305395696ced20

  • SHA1

    1ef788f9c91c53919afae678b5722e87dfac2968

  • SHA256

    4e10526c615d87b9d7f87ef8876a804de53d98c323de72e1900f7bdd0a9d3510

  • SHA512

    ac2e260ad14a15a0c528cab532a641d8ec62f29e32c29edbf0a47135e6e02ea5407e87f21576dece8ce2b07ed1ac1cda7842d67fc72b2eaac8bf61d6475b4cff

  • SSDEEP

    98304:bnsmtk2aDmtk2aUmtk2aQmtk2aNh2bTeCYNHNywnSn5n9:DLDOCQh0TeC+HNyOcF9

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family injects itself into other executable files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Event Triggered Execution (T1546): 1
  • Change Default File Association (T1546.001): 1
  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Event Triggered Execution (T1546): 1
  • Change Default File Association (T1546.001): 1
  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 2

Credential Access

  • Unsecured Credentials (T1552): 1
  • Credentials In Files (T1552.001): 1

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2

Collection

  • Data from Local System (T1005): 1

Tasks