General
-
Target
598c5c98eef8f5b4323df4f5188bc5a8d56d15e4ea0130db197ed77e9820ef8d_NeikiAnalytics.exe
-
Size
741KB
-
Sample
240627-gvvkaaycpl
-
MD5
f0ecef46a42c0a3aa2b7c065d5b5dee0
-
SHA1
eb76f4aa956a788cb65b2ca1e42c0f6fff640fce
-
SHA256
598c5c98eef8f5b4323df4f5188bc5a8d56d15e4ea0130db197ed77e9820ef8d
-
SHA512
625177fa4160001f65946cfecb7787e3fb0c721d991b63884886b48731d59f137f24a21497763fc7da9a281b7322002775b8db23b21f10fa5a68b4ba6f7c9d6c
-
SSDEEP
12288:ltTuhrf45I8jWtJ8OgL27rd69bk5NCgGhSFB79gYhLIf6EQ9EYcw1FuAAAAAAAAQ:lIt4kt0Kd6F6CNzYhUiEWEYcwJ
Static task
static1
Behavioral task
behavioral1
Sample
598c5c98eef8f5b4323df4f5188bc5a8d56d15e4ea0130db197ed77e9820ef8d_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
598c5c98eef8f5b4323df4f5188bc5a8d56d15e4ea0130db197ed77e9820ef8d_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Target
598c5c98eef8f5b4323df4f5188bc5a8d56d15e4ea0130db197ed77e9820ef8d_NeikiAnalytics.exe
-
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Scheduled Task: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Scheduled Task: 1