25b8d12a8ec62971da061e19853e91c442547602f1054478698e39cb959fe3b3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

670020512a47a1faaac1617fd17b01c0_NeikiAnalytics.exe
Size

1.9MB
Sample

240617-jy8bna1gnb
MD5

670020512a47a1faaac1617fd17b01c0
SHA1

459d4e5d3b4fb14e6d2d09fa05d60adfbb8e8421
SHA256

25b8d12a8ec62971da061e19853e91c442547602f1054478698e39cb959fe3b3
SHA512

4f4e30d52473d928373f31859459f8624c78ec43f428960435386056b9d4149460374afcae230b2263f57891c2d23aaa726a5be51aad18bbce4f3619684db9e7
SSDEEP

24576:hQRr47XdVtTj2i64T+jdxQCfgOFD3WSwd2QtBBw6xxhVxQtmibjOhZaiRu/4oMak:h64BbTChxKCnFnQXBbrtgb/iQvu0UHO0

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  670020512a47a1faaac1617fd17b01c0_NeikiAnalytics.exe
- Size
  
  1.9MB
- MD5
  
  670020512a47a1faaac1617fd17b01c0
- SHA1
  
  459d4e5d3b4fb14e6d2d09fa05d60adfbb8e8421
- SHA256
  
  25b8d12a8ec62971da061e19853e91c442547602f1054478698e39cb959fe3b3
- SHA512
  
  4f4e30d52473d928373f31859459f8624c78ec43f428960435386056b9d4149460374afcae230b2263f57891c2d23aaa726a5be51aad18bbce4f3619684db9e7
- SSDEEP
  
  24576:hQRr47XdVtTj2i64T+jdxQCfgOFD3WSwd2QtBBw6xxhVxQtmibjOhZaiRu/4oMak:h64BbTChxKCnFnQXBbrtgb/iQvu0UHO0
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2