8c02f1bdb9b58c31251e15d20496af48009a6164e85f8ea62fe1c83ba0611e80 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c02f1bdb9b58c31251e15d20496af48009a6164e85f8ea62fe1c83ba0611e80_NeikiAnalytics.exe
Size

1.8MB
Sample

240628-h6rhfaxdmg
MD5

3484458e74ae2c4bb809d6d85f1daf40
SHA1

9bfe9499346ec2dbeb72ae6aca7e26ee68ee17b6
SHA256

8c02f1bdb9b58c31251e15d20496af48009a6164e85f8ea62fe1c83ba0611e80
SHA512

83406d8de19c71305da38063715fb1c2e6cd64c32722b1c9e23f557f13bc5c2a80348c06387baf1d3ff588b3cec8246ed9c73f14d7966ac143da3a3ecbbb4f14
SSDEEP

49152:Vqc+QakVoRhD7wCbqRBPurwdR9qd383BCL9b:ADwPBPuOPqdIY

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  8c02f1bdb9b58c31251e15d20496af48009a6164e85f8ea62fe1c83ba0611e80_NeikiAnalytics.exe
- Size
  
  1.8MB
- MD5
  
  3484458e74ae2c4bb809d6d85f1daf40
- SHA1
  
  9bfe9499346ec2dbeb72ae6aca7e26ee68ee17b6
- SHA256
  
  8c02f1bdb9b58c31251e15d20496af48009a6164e85f8ea62fe1c83ba0611e80
- SHA512
  
  83406d8de19c71305da38063715fb1c2e6cd64c32722b1c9e23f557f13bc5c2a80348c06387baf1d3ff588b3cec8246ed9c73f14d7966ac143da3a3ecbbb4f14
- SSDEEP
  
  49152:Vqc+QakVoRhD7wCbqRBPurwdR9qd383BCL9b:ADwPBPuOPqdIY
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2