General

  • Target

    94974e15075de3637f7a76d3b503006e545fd2c116c11bd4f4bb96ed95441f8a_NeikiAnalytics.exe

  • Size

    1.4MB

  • Sample

    240622-nqdjjazgmp

  • MD5

    97b23139da79f6430928ba2296f9a0b0

  • SHA1

    f58db383a40669dc7af2839047a6d63f1c0d86e2

  • SHA256

    94974e15075de3637f7a76d3b503006e545fd2c116c11bd4f4bb96ed95441f8a

  • SHA512

    5aeb382220efdbdc36f7277b6c0276c47be78e15d33e3535fe379e9edc6b49b8c5796de8bc4f76a80a8cb9d81ef61c6d355509f418346d79d12ec02e9c9b6802

  • SSDEEP

    24576:wKjKjGFygcc23L1/NVOmOSGb6E3ecS4fzrjxJh9UZXlpbPvC7xtYUrEmFlo+L6Cs:wKjKWQc2b1FVgbjrjxPe1pbPSQm1Flor

Malware Config

Targets


    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

MITRE ATT&CK Matrix (ATT&CK v13)

Each tactic lists the techniques observed, the technique ID, and the number of matching signatures.

  • Persistence

    • Event Triggered Execution (T1546): 3

      • Change Default File Association (T1546.001): 1

      • Image File Execution Options Injection (T1546.012): 1

      • Component Object Model Hijacking (T1546.015): 1

  • Privilege Escalation

    • Event Triggered Execution (T1546): 3

      • Change Default File Association (T1546.001): 1

      • Image File Execution Options Injection (T1546.012): 1

      • Component Object Model Hijacking (T1546.015): 1

  • Defense Evasion

    • Modify Registry (T1112): 1

  • Credential Access

    • Unsecured Credentials (T1552): 1

      • Credentials In Files (T1552.001): 1

  • Discovery

    • Query Registry (T1012): 1

    • System Information Discovery (T1082): 2

  • Collection

    • Data from Local System (T1005): 1

Tasks