General

  • Target

    466aee98a4ee88f78979efb7ddd4b3252790d80f670d52f13e4163dbf94b0abc_NeikiAnalytics.exe

  • Size

    6.8MB

  • Sample

    240620-jknebswglf

  • MD5

    39e86237b8b5ffa9d9873e9e95621ec0

  • SHA1

    0303d07dcbfa190899d58ddc00ac44c0149e8d0a

  • SHA256

    466aee98a4ee88f78979efb7ddd4b3252790d80f670d52f13e4163dbf94b0abc

  • SHA512

    106b398cec2fc1c8d0ee68bc72e4b0cbdc6a693d8739c0000e916cac41a3c4d6b279d10209a1b3902828b7f7ad42e6e7e2c387a29bbf60ab8dbaf3018d46c270

  • SSDEEP

    98304:mHUco/nuKcOZVrWDwzCtguxfs1iNV3WjyBM4i:mAPuKcOZVywLki

Malware Config

Targets

    • Target

      466aee98a4ee88f78979efb7ddd4b3252790d80f670d52f13e4163dbf94b0abc_NeikiAnalytics.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence

    Event Triggered Execution: T1546 (1)
    Change Default File Association: T1546.001 (1)

  • Privilege Escalation

    Event Triggered Execution: T1546 (1)
    Change Default File Association: T1546.001 (1)

  • Defense Evasion

    Modify Registry: T1112 (1)

  • Credential Access

    Unsecured Credentials: T1552 (1)
    Credentials In Files: T1552.001 (1)

  • Discovery

    Query Registry: T1012 (1)
    System Information Discovery: T1082 (2)

  • Collection

    Data from Local System: T1005 (1)

Tasks