General
-
Target
53f1f3ce68e7a90b96dd159a7c15eb0123aca1363249929359ff38232daf68da_NeikiAnalytics.exe
-
Size
2.3MB
-
Sample
240620-l43z8s1grh
-
MD5
735141aa17837b1db0d57fa09a24b0f0
-
SHA1
a4d37e80ae1e40094a7b9f16f3c57653c401bea5
-
SHA256
53f1f3ce68e7a90b96dd159a7c15eb0123aca1363249929359ff38232daf68da
-
SHA512
b1a4de8d5ccb821df25f3e5c888450a23da50d6299e9e44c86f2042a5a63aaf78065dee49b982d595d7fd84e30cbf9878a16ac55d390b3ea86562ee683c8adf1
-
SSDEEP
49152:6jvk2d9rJpNJ6jUFdXaDoIHmXMupzh72lxakn2YpHdy4ZBgIoooNe:6rkI9rSjA5aDo73pzF2bz3p9y4HgIoov
Static task
static1
Behavioral task
behavioral1
Sample
53f1f3ce68e7a90b96dd159a7c15eb0123aca1363249929359ff38232daf68da_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
53f1f3ce68e7a90b96dd159a7c15eb0123aca1363249929359ff38232daf68da_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
53f1f3ce68e7a90b96dd159a7c15eb0123aca1363249929359ff38232daf68da_NeikiAnalytics.exe
-
Score
8/10
-
Drops file in Drivers directory
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-