General

  • Target

    75adbfdd47b0e66d0774f54187125345f1ecca5f5a5314287f32c82606300bc7_NeikiAnalytics.exe

  • Size

    265KB

  • Sample

    240628-d2pe3ayfpd

  • MD5

    3a0b63cac94e79b0cce28ec93ff52dd0

  • SHA1

    f47c93a086ee50fc45d66a1bebf962b24702effb

  • SHA256

    75adbfdd47b0e66d0774f54187125345f1ecca5f5a5314287f32c82606300bc7

  • SHA512

    5a37b035c469dde6ee40a209c6728f2dc791fbe5c1bcd0b30bfa20041f2c6f73b9a0298c46211d27ae0d035f859e9cf7b43f0aa06f7c47db56b20fe52c4da86b

  • SSDEEP

    3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sK:WFzDqa86hV6uRRqX1evPlwAEK

Targets

    • Target

      75adbfdd47b0e66d0774f54187125345f1ecca5f5a5314287f32c82606300bc7_NeikiAnalytics.exe

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
