Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9987357d56165f70d770956036f866820d519501df699cd8f4ca9e5973bfdd8e_NeikiAnalytics.exe
-
Size
2.6MB
-
Sample
240628-qfjzns1dne
-
MD5
6011884027c7190e27d8394a06de6ab0
-
SHA1
4bf3aa2fe0d732e0de1e484baf5c7d28045cc2b7
-
SHA256
9987357d56165f70d770956036f866820d519501df699cd8f4ca9e5973bfdd8e
-
SHA512
04b6350cd22974d830c81400cac432b40877c8ffd431ddb15e46af7bf1c39eaad9344370115e6fc8e683970bce8037a448a525e9668203d0e698a36f7ec59c89
-
SSDEEP
49152:dT17pq/X+p1y+kGd7mpHg0KB4O8b8ITDnl1Zka:dTtpZjy+77O
Malware Config
Targets
-
-
Target
9987357d56165f70d770956036f866820d519501df699cd8f4ca9e5973bfdd8e_NeikiAnalytics.exe
-
Size
2.6MB
-
MD5
6011884027c7190e27d8394a06de6ab0
-
SHA1
4bf3aa2fe0d732e0de1e484baf5c7d28045cc2b7
-
SHA256
9987357d56165f70d770956036f866820d519501df699cd8f4ca9e5973bfdd8e
-
SHA512
04b6350cd22974d830c81400cac432b40877c8ffd431ddb15e46af7bf1c39eaad9344370115e6fc8e683970bce8037a448a525e9668203d0e698a36f7ec59c89
-
SSDEEP
49152:dT17pq/X+p1y+kGd7mpHg0KB4O8b8ITDnl1Zka:dTtpZjy+77O
Score7/10-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1