General

  • Target

    60c9aeff1be0f0aa39552d2aa0780019743a2c148e5f28c3d12b0bcc5afbcbc5_NeikiAnalytics.exe

  • Size

    70KB

  • Sample

    240623-mgbsxaybqg

  • MD5

    914b9df9da64f6b827e8aded315a3440

  • SHA1

    4d5c0b98c2213dddca044472a7389f951a7faeb2

  • SHA256

    60c9aeff1be0f0aa39552d2aa0780019743a2c148e5f28c3d12b0bcc5afbcbc5

  • SHA512

    f431087bfa8dafaf725c958d7624f79d029b7a71f897261247bb0c88e59a09913f5ebc25c53e165d66f8099cec366928d48cf00122dc21d02c4fecf0d0287dd0

  • SSDEEP

    1536:ugRgWWUD0NGfQpi7MSsiHdfA4qPfUfwgRgHctK24sRx+odp:1GWWUDsiHgEDGPodp

Malware Config

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks