General
-
Target
712678a30cdba5cb2f742be21cd9690e35fc9a6b27d520715bd89db304c35a7e_NeikiAnalytics.exe
-
Size
120KB
-
Sample
240624-phmb5svgjp
-
MD5
081abae567cb55a8b5a7c44b38c70340
-
SHA1
9a4e75df8f0c6fd6d795e5112477b70e0047757d
-
SHA256
712678a30cdba5cb2f742be21cd9690e35fc9a6b27d520715bd89db304c35a7e
-
SHA512
523bd606c68c3ef3c451135c3f61d4d3e77ef02875ffa1e423fe883404d6ab0e44acfeb07eddde0db41b7f3a583100e15741910158635af22f719e3f4759d52a
-
SSDEEP
1536:aJUGCqveEeXdTeG4wu6oQuwEhQQWKXJR721rSTdk/cpAKdlaKrorkgA55i:aHFveEyTAK7VKXXS1GT7AKzaKrtP55i
Malware Config
Targets
-
-
Target
712678a30cdba5cb2f742be21cd9690e35fc9a6b27d520715bd89db304c35a7e_NeikiAnalytics.exe
-
Size
120KB
-
MD5
081abae567cb55a8b5a7c44b38c70340
-
SHA1
9a4e75df8f0c6fd6d795e5112477b70e0047757d
-
SHA256
712678a30cdba5cb2f742be21cd9690e35fc9a6b27d520715bd89db304c35a7e
-
SHA512
523bd606c68c3ef3c451135c3f61d4d3e77ef02875ffa1e423fe883404d6ab0e44acfeb07eddde0db41b7f3a583100e15741910158635af22f719e3f4759d52a
-
SSDEEP
1536:aJUGCqveEeXdTeG4wu6oQuwEhQQWKXJR721rSTdk/cpAKdlaKrorkgA55i:aHFveEyTAK7VKXXS1GT7AKzaKrtP55i
Score8/10-
Blocklisted process makes network request
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1