General

  • Target: 295e02ab5c53c16d10b96483501ae8917d169e25094556b429765c3f770db55f_NeikiAnalytics.exe
  • Size: 560KB
  • Sample: 240620-cxh7tatdrd
  • MD5: 5f3d26d69451501aeb6b429ad04c3000
  • SHA1: b784ea265cab4b8552915aa75d9e354a56684795
  • SHA256: 295e02ab5c53c16d10b96483501ae8917d169e25094556b429765c3f770db55f
  • SHA512: 041396a27fe9cc3ad1aab5a241aeba421c07e4396a06032d7e8384a657ea50d67e9b3ae0d7b1786fa65821bd5b8558f08e1382176d0624fb3d76c343e9c2842e
  • SSDEEP: 12288:dXCNi9BbHl+p3VzRo99BJ2ZmP9nx7VBTLCdttUl3G:oW5+FVzaDz1P5hTLCdtqlW

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
