General
-
Target
0f63fbdacbf4c7c588befd9fbda6a8ee896995067929fbc2c374b259e4503c4c_NeikiAnalytics.exe
-
Size
156KB
-
Sample
240620-z5m73axejb
-
MD5
aa28630b1d123bb45b7362d0b4c4b100
-
SHA1
acdf7d95d6f81103271c81652ce5c3ca37dabab7
-
SHA256
0f63fbdacbf4c7c588befd9fbda6a8ee896995067929fbc2c374b259e4503c4c
-
SHA512
b92341f0fed290a10f660294626a92e41a82c3b9858075200ee76c25e3d750a0ddbe76921ab2c7aeac328e29d7fa97bedc4d47adb83a60aef8695c6392694fd7
-
SSDEEP
1536:JxqjQ+P04wsmJCwugrZpVnWw7V15Frrmie3Mz8enofIxQrFP+ZruOxqjQ+P04wsX:sr85CwugDVnj7V15FrvweZQhGZwr85C
Behavioral task
behavioral1
Sample
0f63fbdacbf4c7c588befd9fbda6a8ee896995067929fbc2c374b259e4503c4c_NeikiAnalytics.exe
Resource
win7-20240611-en
Malware Config
Targets
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread and cause damage.
-
Phorphiex payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Change Default File Association (1)