General

  • Target

    804c53d3fc26a4a1976bab9bbd8f293042eb6272cacb06c068c916ba61170107_NeikiAnalytics.exe

  • Size

    2.1MB

  • Sample

    240624-rrysmszfkj

  • MD5

    8c16db72260a8ccfb5587c56caaa42c0

  • SHA1

    4210dcd87a5dffe3dcb6f89705b51ff2a1549531

  • SHA256

    804c53d3fc26a4a1976bab9bbd8f293042eb6272cacb06c068c916ba61170107

  • SHA512

    e240f5eefbfc00467776c6f75778670b7def8def261df12bbaf66d5a75048b9811131537738c96b89156b5a9efa2496b1ec8a3d26d3d41f089c0130e8d950eaa

  • SSDEEP

    49152:VRxGUGzWy3NYtDSw9tMNRuhX1IpeCaBfiVYuAQ2S8p:9DgJ963efI+peCki6LQOp
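
The digests above are the indicators a responder would actually hunt with. The following is an added example, not sandbox output or vendor tooling: it copies the IOC values from the General section, validates them (a truncated or non-hex digest pasted from a report silently matches nothing), hashes candidate files in one streaming pass and reports which algorithms matched. The stand-in bytes it uses when run without arguments are constructed and are not the sample, so they match nothing; the SSDEEP fuzzy hash is not compared because that needs the ssdeep library.

```python
"""Compare candidate files against the exact-hash IOCs of the report above.

Added example for this report, not sandbox output or vendor tooling. IOC
values are copied from the General section; the stand-in bytes in __main__
are constructed and are not the sample. SSDEEP is not compared here.
"""
import hashlib
import io
import sys

# IOCs copied from the report (keys are hashlib algorithm names).
REPORT_IOCS = {
    "md5": "8c16db72260a8ccfb5587c56caaa42c0",
    "sha1": "4210dcd87a5dffe3dcb6f89705b51ff2a1549531",
    "sha256": "804c53d3fc26a4a1976bab9bbd8f293042eb6272cacb06c068c916ba61170107",
    "sha512": (
        "e240f5eefbfc00467776c6f75778670b7def8def261df12bbaf66d5a75048b98"
        "11131537738c96b89156b5a9efa2496b1ec8a3d26d3d41f089c0130e8d950eaa"
    ),
}
REPORT_FILENAME = (
    "804c53d3fc26a4a1976bab9bbd8f293042eb6272cacb06c068c916ba61170107"
    "_NeikiAnalytics.exe"
)

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# A lone MD5 or SHA-1 hit is collision-prone evidence; confirm with SHA-2.
WEAK = {"md5", "sha1"}


def validate_iocs(iocs):
    """Return a list of problems, empty when every IOC is well formed.
    Catches copy/paste damage before a hunt silently matches nothing."""
    problems = []
    for alg, value in iocs.items():
        if alg not in HEX_LENGTHS:
            problems.append(f"{alg}: unsupported algorithm")
            continue
        if len(value) != HEX_LENGTHS[alg]:
            problems.append(
                f"{alg}: expected {HEX_LENGTHS[alg]} hex chars, got {len(value)}")
        try:
            int(value, 16)
        except ValueError:
            problems.append(f"{alg}: not hexadecimal")
    return problems


def digest_stream(stream, algorithms=tuple(HEX_LENGTHS), chunk_size=1 << 20):
    """Compute all requested digests in one streaming pass (large files OK)."""
    hashers = {alg: hashlib.new(alg) for alg in algorithms}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def digest_bytes(data):
    """Same as digest_stream, for data already in memory."""
    return digest_stream(io.BytesIO(data))


def match_iocs(digests, iocs):
    """Sorted list of algorithms whose computed digest equals the IOC value."""
    return sorted(alg for alg, value in iocs.items()
                  if digests.get(alg, "").lower() == value.lower())


def is_conclusive(matched):
    """True when at least one non-weak digest matched."""
    return any(alg not in WEAK for alg in matched)


def filename_matches_sha256(filename, sha256):
    """Sandbox submissions are often named <sha256>_<tag>; check that the stem
    agrees with the SHA-256 IOC so a renamed or mislabelled file stands out."""
    return filename.split("_", 1)[0].lower() == sha256.lower()


if __name__ == "__main__":
    problems = validate_iocs(REPORT_IOCS)
    if problems:
        sys.exit("bad IOC set: " + "; ".join(problems))
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                matched = match_iocs(digest_stream(f), REPORT_IOCS)
            verdict = "MATCH" if matched else "no match"
            if matched and not is_conclusive(matched):
                verdict += " (weak digests only)"
            print(f"{path}: {verdict} {matched}")
    else:
        # Constructed stand-in, not the sample: exercises the no-match path.
        stand_in = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not the sample"
        print(match_iocs(digest_bytes(stand_in), REPORT_IOCS))
```

Run it as `python iocscan.py <file> ...` to hash files on disk; a hit on MD5 or SHA-1 alone is flagged as weak because those digests are collision-prone, while a SHA-256 or SHA-512 match is treated as conclusive.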

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
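
The five signatures above name behaviours, not the artefacts the sample touched. The following is an added example, not sandbox output or vendor tooling, that expresses those signatures as rules and runs them over a constructed process-monitor-style trace of (operation, path) records. The registry values, browser profile paths and drive letters in it are typical Windows locations chosen for illustration and are assumptions, not observations from this sample; the trace itself is constructed.

```python
"""Express the behaviour signatures listed above as rules and run them over a
process-monitor-style trace.

Added example for this report, not sandbox output or vendor tooling. The
trace is constructed, not captured from the sample, and the registry values,
browser profile paths and drive letters are typical locations chosen for
illustration (assumptions; the report names behaviours, not exact artefacts).
"""
import re
from collections import defaultdict

# Each rule: the operations that count, plus a path pattern. Read-type
# operations never satisfy a "drops"/"adds" rule and write-type operations
# never satisfy a "reads"/"checks" rule, which keeps benign access to the
# same paths (e.g. loading a DLL from System32) from firing.
SIGNATURES = {
    "Checks computer location settings": (
        {"RegQueryValue"},
        re.compile(r"\\Control Panel\\International\\(Geo\\Nation|sCountry)$", re.I),
    ),
    "Reads user/profile data of web browsers": (
        {"ReadFile"},
        re.compile(
            r"\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\.*"
            r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$",
            re.I),
    ),
    "Adds Run key to start application": (
        {"RegSetValue"},
        re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I),
    ),
    "Enumerates connected drives": (
        {"QueryDirectory"},
        re.compile(r"^[ABD-Z]:\\$", re.I),  # any root path except C:\
    ),
    "Drops file in System32 directory": (
        {"WriteFile"},
        re.compile(r"^C:\\Windows\\System32\\", re.I),
    ),
}

# Constructed trace of (operation, path) records; not from the real sample.
# Includes decoys that should stay quiet: an unrelated registry read, a
# document read, the C: root and a DLL read from System32.
SAMPLE_TRACE = [
    ("RegQueryValue", "HKCU\\Control Panel\\International\\Geo\\Nation"),
    ("RegQueryValue", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Desktop"),
    ("ReadFile", "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"),
    ("ReadFile", "C:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abcd1234.default-release\\logins.json"),
    ("ReadFile", "C:\\Users\\victim\\Documents\\notes.txt"),
    ("RegSetValue", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\NeikiUpdate"),
    ("QueryDirectory", "C:\\"),
    ("QueryDirectory", "D:\\"),
    ("QueryDirectory", "E:\\"),
    ("ReadFile", "C:\\Windows\\System32\\kernel32.dll"),
    ("WriteFile", "C:\\Windows\\System32\\nkupd.dll"),
]


def classify(trace):
    """Return {signature: [paths]} for every rule whose operation set and path
    pattern both match a record; rules with no hit are absent from the dict."""
    hits = defaultdict(list)
    for operation, path in trace:
        for name, (operations, pattern) in SIGNATURES.items():
            if operation in operations and pattern.search(path):
                hits[name].append(path)
    return dict(hits)


def fired(trace):
    """Sorted names of the signatures that fired, for a one-line verdict."""
    return sorted(classify(trace))


if __name__ == "__main__":
    for name, paths in classify(SAMPLE_TRACE).items():
        print(f"[{name}]")
        for p in paths:
            print("   ", p)
```

Sandbox traces of this kind come from API hooking or a kernel filter driver, not from default Windows event logs: Sysmon records Run-key writes (registry value set) and file creates, but not registry reads, so the geofence and browser-profile rules need a richer source than an ordinary SIEM feed.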

MITRE ATT&CK Enterprise v15
