General

  • Target

    963071517f4ecc353c66d75fbb4d879ec0acd88ced3efe29a4b9ebb3b768ea1c_NeikiAnalytics.exe

  • Size

    221KB

  • Sample

    240628-nvqdwsxerg

  • MD5

    5f24265695188be4c20bc8e58b59b010

  • SHA1

    1b1d542b65ee26dc19b441741d6f8b800975be6c

  • SHA256

    963071517f4ecc353c66d75fbb4d879ec0acd88ced3efe29a4b9ebb3b768ea1c

  • SHA512

    b53411f8ae80a6c65206c08b9b950b35f80f0259b5a0e165d60b84282193388c14643c9b368b4dc2239d0e991c017d14daaece9d7a246ad548855266edc53fc0

  • SSDEEP

    3072:DCUNVoh0tQ9nLHbB9WHCS0AgTlhsp3mWH5D:Dch4QxL7B9WHK9Jhsp3p5

Score
10/10

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
