General

  • Target

    c39fe1fb7fc5332da7e96d8c358c5980_NeikiAnalytics.exe

  • Size

    292KB

  • Sample

    240619-rqjmbswgmn

  • MD5

    c39fe1fb7fc5332da7e96d8c358c5980

  • SHA1

    949f76531b6e0c4557d69aa7f3fd1b42a7c35d4d

  • SHA256

    f261571235b0e1cdcf23547c0d670d3ac7a3d8147fefaeac396221471fed4c72

  • SHA512

    68acbdf4884eae445eb0033db22d65bb0e7e0b79ba5c46207b9c4d4af10573fde17482f4707d8ec650dd028cd86fe0b62991ca4ad23e7e84eb91fe4113a8ebdb

  • SSDEEP

    3072:eg9OBT3Be2Q6khQiCCuefXxzk6iGcbPChEdGZFR2obD4CTvek5WNQp0qYutgx3Qe:keC4EwZFoobUk8qp0qpgl8E1P+DJC

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks