Extracted

• • Target

    3bca3e183af73f57f76ef41673a30358ff0b45cf508686e5bb25cf0b12f612af_NeikiAnalytics.exe

  • Size

    156KB

  • MD5

    fca036dd87095f96db816a0dd84e8e30

  • SHA1

    1527e7ff676db1574cc05419302d611a9b669dd7

  • SHA256

    3bca3e183af73f57f76ef41673a30358ff0b45cf508686e5bb25cf0b12f612af

  • SHA512

    2a760582c8cc03e8b87fb3b38578c28e3e932ceae7983c0f2bac1a7e017e880460cb9485e680d2b8714943ef2d4f6513e7f000ca37b0d95fc34f436ad313c538

  • SSDEEP

    1536:JxqjQ+P04wsmJC5X5WKxqlfF+XEdeeeeeeeeeeeeeeeeeeeWeeeeecOxqjQ+P04U:sr85C5pvqlfFjfr85CEwbk1LSiGo

  Score

  10^/10

  neshtaphorphiexxmrigevasionloaderminerpersistencespywarestealertrojanworm

  • Detect Neshta payload

  • Modifies security service

    evasion

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Phorphiex payload

  • Phorphiex, Phorpiex

    Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    wormtrojanloaderphorphiex

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Windows security bypass

    evasiontrojan

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2