General

  • Target

    39fc249d57d047debe9695614944412859787fe3e8ba7620a2ae0aa96416c30b_NeikiAnalytics.exe

  • Size

    95KB

  • Sample

    240621-enc1jsxglf

  • MD5

    f18fdd6ae40ad70cad85376ce5cecc40

  • SHA1

    fe8c4c672bd1b49878e6db377e657a130935d268

  • SHA256

    39fc249d57d047debe9695614944412859787fe3e8ba7620a2ae0aa96416c30b

  • SHA512

    f9786edbb7e80688fdcb2aed40e1ff6f6dc0a0898d42e839d3e21de15d58c03effc933802ebca8780d359f6e833e08e4c033d79f1f17e88fd50da008d0d51d44

  • SSDEEP

    1536:JxqjQ+P04wsmJCHM7MC1M7MDgAkCJD5rKDRib1F540Lp2Yr:sr85CHM7p1M7s9JpdDVNx

Malware Config

Targets

    • Target

      39fc249d57d047debe9695614944412859787fe3e8ba7620a2ae0aa96416c30b_NeikiAnalytics.exe

    • Size

      95KB

    • MD5

      f18fdd6ae40ad70cad85376ce5cecc40

    • SHA1

      fe8c4c672bd1b49878e6db377e657a130935d268

    • SHA256

      39fc249d57d047debe9695614944412859787fe3e8ba7620a2ae0aa96416c30b

    • SHA512

      f9786edbb7e80688fdcb2aed40e1ff6f6dc0a0898d42e839d3e21de15d58c03effc933802ebca8780d359f6e833e08e4c033d79f1f17e88fd50da008d0d51d44

    • SSDEEP

      1536:JxqjQ+P04wsmJCHM7MC1M7MDgAkCJD5rKDRib1F540Lp2Yr:sr85CHM7p1M7s9JpdDVNx

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                          ID          Count
Persistence           Event Triggered Execution          T1546       1
Persistence           Change Default File Association    T1546.001   1
Privilege Escalation  Event Triggered Execution          T1546       1
Privilege Escalation  Change Default File Association    T1546.001   1
Defense Evasion       Modify Registry                    T1112       1
Credential Access     Unsecured Credentials              T1552       1
Credential Access     Credentials In Files               T1552.001   1
Discovery             Query Registry                     T1012       1
Discovery             System Information Discovery       T1082       2
Collection            Data from Local System             T1005       1

Tasks