General

  • Target

    0e5de88c633299c010472f2d5aa43a907d7ef71488bf3923142ce7f3d34d771a_NeikiAnalytics.exe

  • Size

    266KB

  • Sample

    240629-3qe5pazbjh

  • MD5

    a7bbbccb2a2e596f2382f8618cc88dc0

  • SHA1

    a02b7e87e822d3b2334dc734ad8817cc1399b917

  • SHA256

    0e5de88c633299c010472f2d5aa43a907d7ef71488bf3923142ce7f3d34d771a

  • SHA512

    58d8967254fbfc247a7bb5425a9182e9494e97dd60d6265ae2a794557811aa24cdfc6f7b21392ca04ef4e1da7e0cc2963f41ab56234c450219fa36c634763640

  • SSDEEP

    3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/s8j:WFzDqa86hV6uRRqX1evPlwAEO

Malware Config

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block-at-first-seen, etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks