General

  • Target

    05953ad903c237bb9845ae0c1107f21941ed2d876cd6bd2fbee95d94d9204cec_NeikiAnalytics.exe

  • Size

    11KB

  • Sample

    240623-twlpzswhpf

  • MD5

    bfc18493ebdbffd8e3c949cd7063d7f0

  • SHA1

    9ce795c72f1879e1fe539a07f00737138be49ce5

  • SHA256

    05953ad903c237bb9845ae0c1107f21941ed2d876cd6bd2fbee95d94d9204cec

  • SHA512

    c527b6cfb323ab3c9240516a7b3317a2dc68bd8ee0b8764f7a93b2f9941218aadb16be997f59d6bcbf524915a46bb1f916449517e8e76cb90bcd6fabd7975c18

  • SSDEEP

    192:1mWQnuI/zOQJfQDNNks4XGp3Q5tfBDV6RQ:1fQnuI/FQF4W33R

Malware Config

Extracted

Family

cobaltstrike

C2

http://dpo06.iex-express.com:8443/docsearch.js@2/dist/cdn/docsearch.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Host: dpo06.iex-express.com
    Referer: https://expressjs.com/en/advanced/security-updates.html
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.
