General
- Target: 2986a47ecfbf3b8307675ec1f6ddfcef3880127e961b698fd3d990984c333a59_NeikiAnalytics.exe
- Size: 112KB
- Sample: 240620-cx52kstelb
- MD5: 0ca7aa0612159edcb3f9f8aa0a06a560
- SHA1: e0c5f769388794a221b0b4f49ff0910fcd1ec2c9
- SHA256: 2986a47ecfbf3b8307675ec1f6ddfcef3880127e961b698fd3d990984c333a59
- SHA512: b54ee87bdeb8ecd9f38ca5cfe50d7c28777a39daef4dc8f4b5ba49a80490d7cbf59629b900e696b1f8271d77db81682a7b205b189bab7d81c06886d3dd2dc44d
- SSDEEP: 1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJ:tVIr7zI+fAceoGxSKKo5
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 2986a47ecfbf3b8307675ec1f6ddfcef3880127e961b698fd3d990984c333a59_NeikiAnalytics.exe
  - Resource: win7-20240508-en
Behavioral task
- behavioral2
  - Sample: 2986a47ecfbf3b8307675ec1f6ddfcef3880127e961b698fd3d990984c333a59_NeikiAnalytics.exe
  - Resource: win10v2004-20240508-en
Malware Config
Targets
- Target: 2986a47ecfbf3b8307675ec1f6ddfcef3880127e961b698fd3d990984c333a59_NeikiAnalytics.exe
- Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext