General
Target: 42926914c243de4d353c5696e99b7180_NeikiAnalytics.exe
Size: 31KB
Sample: 240618-n6pxhawhrm
MD5: 42926914c243de4d353c5696e99b7180
SHA1: 28fed250f394e9797a5750ef30abb5a9a704c511
SHA256: 2c4be3743de71419d82f518a7fce682852a0ae5f2bd9afe4bb040cd88650608d
SHA512: 77138afdef16a7deb3c128cd2631d6f9d33f7ae49696f59035847ddca738f2f2fd170976a8bb1454bf7eef9533612ef2375d65c3b0b77c5c41902ffb04fc911a
SSDEEP: 768:lYd6mcp9P3Szxdupg8dT3K1Dv80QmIDUu0tibMj:5mQ6hphQVkxj
Behavioral task: behavioral1
Sample: 42926914c243de4d353c5696e99b7180_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 42926914c243de4d353c5696e99b7180_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
njrat
0.7d
servicex64
20.ip.gl.ply.gg:18169
ec03c8ace6c1b6e6900efd23d11fe434
reg_key: ec03c8ace6c1b6e6900efd23d11fe434
splitter: Y262SUCZ4UJJ
Targets
Target: 42926914c243de4d353c5696e99b7180_NeikiAnalytics.exe
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)