1f4487f7e6cd75b66333671f5a5cbc7b9fec5eb6236c079eeba9fe714b0bde09 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f4487f7e6cd75b66333671f5a5cbc7b9fec5eb6236c079eeba9fe714b0bde09_NeikiAnalytics.exe
Size

1.3MB
Sample

240625-cawvdsvamg
MD5

48b44c1a276bc79d1593a3c3dcf11af0
SHA1

f57ab162815b76d459851e6a922b61f5a5c5bf13
SHA256

1f4487f7e6cd75b66333671f5a5cbc7b9fec5eb6236c079eeba9fe714b0bde09
SHA512

3873d44487b567067e28c9d9c1295ff71a32da701743e7a2adeec25b818bd5f26ae9c7dbdd615ed4fdd60a6c227347c45a91c50b1c3bd21f7e346d787c20f234
SSDEEP

24576:0/ApeDWpzxyLt1Y5o5n4s0Ab7Ixb0wiqu86LIzfWZB0vxI0:04xat1qoBHcOwimtZH

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  1f4487f7e6cd75b66333671f5a5cbc7b9fec5eb6236c079eeba9fe714b0bde09_NeikiAnalytics.exe
- Size
  
  1.3MB
- MD5
  
  48b44c1a276bc79d1593a3c3dcf11af0
- SHA1
  
  f57ab162815b76d459851e6a922b61f5a5c5bf13
- SHA256
  
  1f4487f7e6cd75b66333671f5a5cbc7b9fec5eb6236c079eeba9fe714b0bde09
- SHA512
  
  3873d44487b567067e28c9d9c1295ff71a32da701743e7a2adeec25b818bd5f26ae9c7dbdd615ed4fdd60a6c227347c45a91c50b1c3bd21f7e346d787c20f234
- SSDEEP
  
  24576:0/ApeDWpzxyLt1Y5o5n4s0Ab7Ixb0wiqu86LIzfWZB0vxI0:04xat1qoBHcOwimtZH
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2