General

  • Target

    17d942e6dbe0bca3f1471315b4bb9619b210bd3b9ac29cbf045575e127029986_NeikiAnalytics.exe

  • Size

    431KB

  • Sample

    240620-2j96ta1apf

  • MD5

    f0a0e8906c023da76ad2a5f44f4d8680

  • SHA1

    c6bfd903690f5661dd8434d1e23ece4e3d703815

  • SHA256

    17d942e6dbe0bca3f1471315b4bb9619b210bd3b9ac29cbf045575e127029986

  • SHA512

    c96e7ce746bf89d3a28b81b175c5dba068260ae636fa6d5f1caec4677689deb9e58e5c9cfdef407451b4f5141bb33fb61dd68d53cad05780835efcf12f693aa9

  • SSDEEP

    3072:TVmHpJqu0Vh6jw/fmZmRMpVuWwP5tOcQfgdVqYHKjoS1HwZCFjTPG1UFNE2XCKU/:TcHpJfHElepVuWwP5YcQfg8J+ojCKC+w

Score
10/10

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
