General

  • Target

    3ab336855027041403ee453b2291bde0_NeikiAnalytics.exe

  • Size

    96KB

  • Sample

    240617-ddzwws1cpa

  • MD5

    3ab336855027041403ee453b2291bde0

  • SHA1

    5bf6085a1858a4d7884d225ec96e05810853bf7e

  • SHA256

    c5386cc925b8cd137d5fe5e7db3ead600d081cdff0bd4736bc35694ebeb94bbd

  • SHA512

    5c3bc93be1845b0af98068e280f39b7b87d14a8c2ccf70834973d1fc098c10f37307596afaed91f24cdf4c24d35e3828a3b51fb16e2d41ed8d2044120a06636a

  • SSDEEP

    1536:rxqjQ+P04wsmJCcnYb1VSGeFPVQOQwoZBKUHzCJvTinnUwm7:Sr85CWYzwQXKUOZEm7

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is a file infector: it writes itself into other executable files to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1546 Event Triggered Execution (1)
    T1546.001 Change Default File Association (1)

  • Privilege Escalation

    T1546 Event Triggered Execution (1)
    T1546.001 Change Default File Association (1)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Credential Access

    T1552 Unsecured Credentials (1)
    T1552.001 Credentials In Files (1)

  • Discovery

    T1012 Query Registry (1)
    T1082 System Information Discovery (2)

  • Collection

    T1005 Data from Local System (1)