General

  • Target

    61f1c1751590a1820695119759b5cde2d76b789ebbd5fdf6226876a02053c1b4_NeikiAnalytics.exe

  • Size

    472KB

  • Sample

    240621-mkrcrszemj

  • MD5

    cc893b520cd2e53c94a76ea0d3567c10

  • SHA1

    6ca0aa4703d286ab6dd29781e5f7ecf929e85cf4

  • SHA256

    61f1c1751590a1820695119759b5cde2d76b789ebbd5fdf6226876a02053c1b4

  • SHA512

    d1aca0d65b67f9ec4c163cc37778e58b8cb0686a38e266e03b337b0492ab12617d4ff99131fe7da162ebb4e74a4a44db3f8d3045bb1ed235ef11b474abb4cdad

  • SSDEEP

    3072:sr85Ca5GfqPubpz1SUo3JeWxmbHpXjjavyvPoVGe+dZ/9xIAe+3aJpqWXTBuy:k9adP4pz1S33Jr4VSvyXoYzrB+pqU/

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                          Count  ID
  --------------------  ---------------------------------  -----  ---------
  Persistence           Event Triggered Execution          1      T1546
  Persistence           Change Default File Association    1      T1546.001
  Privilege Escalation  Event Triggered Execution          1      T1546
  Privilege Escalation  Change Default File Association    1      T1546.001
  Defense Evasion       Modify Registry                    1      T1112
  Credential Access     Unsecured Credentials              1      T1552
  Credential Access     Credentials In Files               1      T1552.001
  Discovery             Query Registry                     1      T1012
  Discovery             System Information Discovery       2      T1082
  Collection            Data from Local System             1      T1005

Tasks