General

  • Target

    48e774dee2ab013d234248931f7c8e822e14c5d21ce9fb543933e6c2252f5b0f_NeikiAnalytics.exe

  • Size

    1.9MB

  • Sample

    240627-elfzes1fjc

  • MD5

    fa307f68bd87260456ada24f7e6ace90

  • SHA1

    12a15df3b9de4292583faf78ecfc054ba9159be0

  • SHA256

    48e774dee2ab013d234248931f7c8e822e14c5d21ce9fb543933e6c2252f5b0f

  • SHA512

    a2632f212eb92b2d4d35cc10b9b7985aa64a865206ed6660ade885d6b6e0c79f85e17b8da8848684168f479a738ceb65beef52f4b46e7923ed299d674f5ca809

  • SSDEEP

    24576:nDQIvJjFj1n27tXZavwruzm+o2qJGHG49W1hjDUcSz2ToHY9I+s:nUm9k7BRGWJGFWioTu+

Score
10/10

Targets

    • Target

      48e774dee2ab013d234248931f7c8e822e14c5d21ce9fb543933e6c2252f5b0f_NeikiAnalytics.exe

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
