3a4737785e60f00f786af8b9b0dc0ef9fedde0a7a899f6e3309dc86b99be33f4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a4737785e60f00f786af8b9b0dc0ef9fedde0a7a899f6e3309dc86b99be33f4_NeikiAnalytics.exe
Size

12KB
Sample

240625-g4ns4axfmm
MD5

830d9bcf977cf5abd8e765110997bd80
SHA1

87bb1e1b4b73f1a083dc888f42b6bef7fafa67f9
SHA256

3a4737785e60f00f786af8b9b0dc0ef9fedde0a7a899f6e3309dc86b99be33f4
SHA512

8064acfcf5c1412c07a6d4ace053e651811fd5ba1320575f150277ed6c2921af17cfa41722b8b36a3bfe3996beb58e06df9c2785d059a6d44706fed7a16522b9
SSDEEP

384:gL7li/2zJq2DcEQvdhcJKLTp/NK9xaG3:+ZM/Q9cG3

Score

7^/10

Malware Config

Targets

- Target
  
  3a4737785e60f00f786af8b9b0dc0ef9fedde0a7a899f6e3309dc86b99be33f4_NeikiAnalytics.exe
- Size
  
  12KB
- MD5
  
  830d9bcf977cf5abd8e765110997bd80
- SHA1
  
  87bb1e1b4b73f1a083dc888f42b6bef7fafa67f9
- SHA256
  
  3a4737785e60f00f786af8b9b0dc0ef9fedde0a7a899f6e3309dc86b99be33f4
- SHA512
  
  8064acfcf5c1412c07a6d4ace053e651811fd5ba1320575f150277ed6c2921af17cfa41722b8b36a3bfe3996beb58e06df9c2785d059a6d44706fed7a16522b9
- SSDEEP
  
  384:gL7li/2zJq2DcEQvdhcJKLTp/NK9xaG3:+ZM/Q9cG3
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2