General

  • Target

    1bd397fd707fc1c211521fe77d807766f9e50f9b16f33dc068228b6bd7fcf8f9_NeikiAnalytics.exe

  • Size

    7.7MB

  • Sample

    240620-ahtc5aybmb

  • MD5

    716cd336d08457cf42a7635e8468d6d0

  • SHA1

    24572b3e6003ebe76a3206a449d96f88d7de4037

  • SHA256

    1bd397fd707fc1c211521fe77d807766f9e50f9b16f33dc068228b6bd7fcf8f9

  • SHA512

    a130e2534ad949eb4abf71ed09e9c703e303ddcbdfe504281ae1cbc0527b94519b55d7adee0b69281c2879b1f4dd3d8b23de302e98ee011ba17b6e89159c3ec2

  • SSDEEP

    98304:Yr10vITB2lUZZ2amaHl3Ne4i3lqoFhTWrf9eQc0MJYzwZNqOSpXq3zOZs5J1n6kV:Yr1OIfeNlpYfMQc2sDSEBhn6ksVzC

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks