General

Target: 94974e15075de3637f7a76d3b503006e545fd2c116c11bd4f4bb96ed95441f8a_NeikiAnalytics.exe
Size: 1.4MB
Sample: 240622-nqdjjazgmp
MD5: 97b23139da79f6430928ba2296f9a0b0
SHA1: f58db383a40669dc7af2839047a6d63f1c0d86e2
SHA256: 94974e15075de3637f7a76d3b503006e545fd2c116c11bd4f4bb96ed95441f8a
SHA512: 5aeb382220efdbdc36f7277b6c0276c47be78e15d33e3535fe379e9edc6b49b8c5796de8bc4f76a80a8cb9d81ef61c6d355509f418346d79d12ec02e9c9b6802
SSDEEP: 24576:wKjKjGFygcc23L1/NVOmOSGb6E3ecS4fzrjxJh9UZXlpbPvC7xtYUrEmFlo+L6Cs:wKjKWQc2b1FVgbjrjxPe1pbPSQm1Flor
Behavioral task: behavioral1
Sample: 94974e15075de3637f7a76d3b503006e545fd2c116c11bd4f4bb96ed95441f8a_NeikiAnalytics.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 94974e15075de3637f7a76d3b503006e545fd2c116c11bd4f4bb96ed95441f8a_NeikiAnalytics.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: 94974e15075de3637f7a76d3b503006e545fd2c116c11bd4f4bb96ed95441f8a_NeikiAnalytics.exe
- Detect Neshta payload
- Neshta: malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  Event Triggered Execution (3)
    Change Default File Association (1)
    Image File Execution Options Injection (1)
    Component Object Model Hijacking (1)