General

  • Target

    2aa03122a9e90cfa87e672f1b2e73b985bb35f1829891c6619b1e12e1924d841_NeikiAnalytics.exe

  • Size

    121KB

  • Sample

    240621-b3qy6svene

  • MD5

    23a69273933c9a11449d213e4e50b8e0

  • SHA1

    596025bf4704904a807ca0414bdc09d51adc0c99

  • SHA256

    2aa03122a9e90cfa87e672f1b2e73b985bb35f1829891c6619b1e12e1924d841

  • SHA512

    3524626c7912217c837beba0a53c3b4b73349cfbc0a188f7a74b23712a17f56c6266d18234303722b09472fa5746b2737bd4f06634fb87c206cda9aa4d24868e

  • SSDEEP

    1536:JxqjQ+P04wsmJC0yI1j3LWfF4a7GbaPxCQvB6IZ10n7hRDvCXcZCfvDNHJWGE9Q6:sr85C0v3SfF4a4mxCQpPsn7Xkcw3rWl

Malware Config

Targets

    • Target

      2aa03122a9e90cfa87e672f1b2e73b985bb35f1829891c6619b1e12e1924d841_NeikiAnalytics.exe

    • Size

      121KB

    • MD5

      23a69273933c9a11449d213e4e50b8e0

    • SHA1

      596025bf4704904a807ca0414bdc09d51adc0c99

    • SHA256

      2aa03122a9e90cfa87e672f1b2e73b985bb35f1829891c6619b1e12e1924d841

    • SHA512

      3524626c7912217c837beba0a53c3b4b73349cfbc0a188f7a74b23712a17f56c6266d18234303722b09472fa5746b2737bd4f06634fb87c206cda9aa4d24868e

    • SSDEEP

      1536:JxqjQ+P04wsmJC0yI1j3LWfF4a7GbaPxCQvB6IZ10n7hRDvCXcZCfvDNHJWGE9Q6:sr85C0v3SfF4a4mxCQpPsn7Xkcw3rWl

    • Detect Neshta payload

    • Neshta

      Neshta is a file infector: it writes its own code into other executable files, so running any infected program spreads the infection further and damages the host files in the process.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and autofill information.
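As an added example (not code from the sandbox report, and not the sample's own code), the registry change behind the "Modifies system executable filetype association" signature can be verified offline from a `reg export HKCR\exefile` dump taken on a suspect host: any `exefile` handler command other than the Windows default `"%1" %*` means something is interposed in front of every .exe launch. The sample export embedded below is constructed for illustration, and the loader path in its hijacked value is hypothetical rather than something this report states.

```python
r"""Added example: offline check for a hijacked 'exefile' handler, the
registry change behind T1546.001 (Change Default File Association).
It is not code from the sandbox report or from the sample itself.

The input is the text of `reg export HKCR\exefile`, so the check can run
against a dump pulled from a suspect host. SAMPLE_EXPORT is constructed
for illustration, and the loader path in its hijacked value is
hypothetical, not something this report states."""

import re
from typing import Dict, Optional

# Clean Windows default: the handler just launches the file with its args.
CLEAN_DEFAULT = '"%1" %*'

# exefile handlers worth checking; both are used for ordinary .exe launches.
HANDLER_KEYS = (
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command",
    r"HKEY_CLASSES_ROOT\exefile\shell\runas\command",
)

# Constructed .reg text (not from the report). open\command is hijacked so a
# loader runs first and then chains to the real program via "%1".
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\svchost.com \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
'''


def parse_reg_export(text: str) -> Dict[str, str]:
    r"""Map each key in a .reg export to its default (@) value.

    reg.exe escapes backslashes as \\ and quotes as \" inside the value;
    a single regex pass undoes both.
    """
    defaults: Dict[str, str] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current and line.startswith('@="') and line.endswith('"'):
            defaults[current] = re.sub(r'\\(["\\])', r"\1", line[3:-1])
    return defaults


def chains_to_original(command: str) -> bool:
    """True if a non-default handler still passes "%1" on, i.e. the real
    program runs after the interposed loader and the user sees nothing odd."""
    return '"%1"' in command


def find_hijacked_handlers(export_text: str) -> Dict[str, str]:
    """Return {key: command} for exefile handlers that deviate from the default.

    Keys missing from the export are skipped rather than reported: absence
    means the dump did not cover them, not that they are clean.
    """
    defaults = parse_reg_export(export_text)
    hijacked: Dict[str, str] = {}
    for key in HANDLER_KEYS:
        value = defaults.get(key)
        if value is not None and value.strip().lower() != CLEAN_DEFAULT.lower():
            hijacked[key] = value
    return hijacked


if __name__ == "__main__":
    for key, cmd in find_hijacked_handlers(SAMPLE_EXPORT).items():
        kind = "chains to original" if chains_to_original(cmd) else "replaces original"
        print(f"HIJACKED {key} -> {cmd} ({kind})")
```

A handler that still contains `"%1"` is the quieter case: the original program runs after the loader, so nothing visibly breaks and the change survives until someone reads the key. Comparing against the default rather than against a blocklist of known loader names keeps the check independent of whatever filename a given family picks.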

MITRE ATT&CK Matrix (ATT&CK v13; the number after each technique is the count of report signatures mapped to it)

  • Persistence

    Event Triggered Execution (T1546): 1
      Change Default File Association (T1546.001): 1

  • Privilege Escalation

    Event Triggered Execution (T1546): 1
      Change Default File Association (T1546.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Credential Access

    Unsecured Credentials (T1552): 1
      Credentials In Files (T1552.001): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 2

  • Collection

    Data from Local System (T1005): 1

Tasks