General

  • Target

    6de7ca1bfd26727548dd36d0133d5840_NeikiAnalytics.exe

  • Size

    1.3MB

  • Sample

    240617-ksanwaxcqk

  • MD5

    6de7ca1bfd26727548dd36d0133d5840

  • SHA1

    f5150445e176e1e7652d68e3c910089ad7b55385

  • SHA256

    530a05e992495a3f700e1ccfd2393e956269680b342ac87807f6d774b9fd169f

  • SHA512

    53fdc246d926ee8b5cdcb33a610a151b85311a36f32f099e8675b7df361045f0d690da12358910f1bd3a29b5fd8e18360f34df2ed2dee714a1e4f36c863b2abb

  • SSDEEP

    12288:lIrjrIJVSTZaYUW4+wsxqsAPrX2KWdFtbOzSaAvtQ23QhV3YoJasZ39:2HrIJVqZaV6YsAjXsdfRaAlvuYHo

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • T1546 Event Triggered Execution (1)

  • T1546.001 Change Default File Association (1)

Privilege Escalation

  • T1546 Event Triggered Execution (1)

  • T1546.001 Change Default File Association (1)

Defense Evasion

  • T1112 Modify Registry (1)

Credential Access

  • T1552 Unsecured Credentials (1)

  • T1552.001 Credentials In Files (1)

Discovery

  • T1012 Query Registry (1)

  • T1082 System Information Discovery (2)

Collection

  • T1005 Data from Local System (1)

Tasks