Extracted

• • Target

    b2e27e88dd895d90f19c8d0314662720_NeikiAnalytics.exe

  • Size

    653KB

  • MD5

    b2e27e88dd895d90f19c8d0314662720

  • SHA1

    cc69874f94ae42a274e4b3171e850ad2d3c02465

  • SHA256

    743302a59617675c4f87a187156f94de2d9cae38026f30bab1b8607a25a70b87

  • SHA512

    85c42f2d80fd16b81bad0f110e2c78eb2daa8cdedbbd6d2cc46cad03285b0103d7681d5420ece73ecb95b32c55f9f52934d0ea18bc5da46078a2d26b5d966ca2

  • SSDEEP

    12288:Tf4N3H1XrMFzr0bgo+adMSoy2tVxhwCmQpEZ/0hQOk8+4XKlThiHSrEZ:w1XoFcuadOyy/TC/gYDKYliH

  Score

  10^/10

  ctblockerdefense_evasionexecutionimpactransomware

  • CTB-Locker

    Ransomware family which uses Tor to hide its C2 communications.

    ransomwarectblocker

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2