General

  • Target

    0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe

  • Size

    265KB

  • Sample

    240628-wsw3nayamf

  • MD5

    1267f45d59ff5a0c77f0e4b94f6eda40

  • SHA1

    981a9f426bc0c77853c7f0b62664359994d19cd5

  • SHA256

    0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3

  • SHA512

    aa1fe7a1f7af849cc81e733179e1c2e44eb62d17867b3b7875a9fb343390edc695f84a681c30437264495d9cf4ae198030f05ad77e6a87a1ea02f11e3932090e

  • SSDEEP

    6144:dXC4vgmhbIxs3NBRbYrbQAoHdnVu5pwNfj6QmcTt9EUHhpxjeG2:dXCNi9B0bQAmnVjOz4LTHhqG2

Targets

    • Target

      0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
