General

  • Target

    0a1bb37f693d19a900181293ca80c97f632d8b50f9029f7fa01e11e85eff6621_NeikiAnalytics.exe

  • Size

    1.1MB

  • Sample

    240620-y5k72azfjq

  • MD5

    d4a2d0703f7aee17dcba4e63182f6fd0

  • SHA1

    c2a52aeceb242124ba0aedb1e99da62f2f490220

  • SHA256

    0a1bb37f693d19a900181293ca80c97f632d8b50f9029f7fa01e11e85eff6621

  • SHA512

    3dff79b01025b9b26b623e3bbe27656c5c4c7626e374b60d3f891e280be12c0de6a1d2202b832c68c9c902098c56da40e42108a98aff13b841d21a508671de3b

  • SSDEEP

    12288:nNxqFtYKzOTDjJI53C8fSxOQisgOBQWnUf3ewnmqp/mogNkeXeTkDO83/S33g86+:NUNOlI5hqQKBxyiquCkl/cw7vE

Malware Config

  No configuration was extracted from this sample.

Targets

    • Target

      0a1bb37f693d19a900181293ca80c97f632d8b50f9029f7fa01e11e85eff6621_NeikiAnalytics.exe

    • Detect Neshta payload

    • Neshta

      Neshta is a file-infecting virus: it prepends its own code to .exe files it finds on the host and on attached drives, so every infected program carries and spreads the infector. Public write-ups of the family document that it drops a copy of itself as svchost.com in the Windows directory and registers that file as the handler for .exe files, so the infector runs before every program the user launches (see "Modifies system executable filetype association" below).

    • Checks computer location settings

      Reads the country code configured in the registry (typically Control Panel\International\Geo\Nation under the user hive), a common geofencing check that lets a sample refuse to run in particular countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      Changes the exefile handler (HKLM\SOFTWARE\Classes\exefile\shell\open\command), the registry change behind the T1546.001 entry in the matrix below. Whatever command is placed in front of "%1" runs every time any .exe is started, which gives the infector both persistence and a hook into every launched program. Restoring the default value ("%1" %*) without also removing the dropped handler and disinfecting the prepended executables does not clean the host.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens. This signature fires on file access to browser profile directories, and a file infector that walks the filesystem looking for executables can trip it without exfiltrating anything, so corroborate with network activity before treating it as credential theft.

MITRE ATT&CK Matrix (ATT&CK v13)

  The count is the number of report signatures mapped to each technique.

  Tactic                Technique                            ID          Count
  Persistence           Event Triggered Execution            T1546       1
                          Change Default File Association    T1546.001   1
  Privilege Escalation  Event Triggered Execution            T1546       1
                          Change Default File Association    T1546.001   1
  Defense Evasion       Modify Registry                      T1112       1
  Credential Access     Unsecured Credentials                T1552       1
                          Credentials In Files               T1552.001   1
  Discovery             Query Registry                       T1012       1
                        System Information Discovery         T1082       2
  Collection            Data from Local System               T1005       1