Overview

overview

7

Static

static

3

3ced58823f...cs.exe

windows7-x64

7

3ced58823f...cs.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    3ced58823f6d177c8d76d1964f35caece4fa2cb4c77748866ddb3203c9e2aa8f_NeikiAnalytics.exe

  • Size

    1.8MB

  • Sample

    240629-ay5fbszcjr

  • MD5

    5abc02950cbb99fb547063b73974d200

  • SHA1

    137524c5858a943792cdc94b9d41ab1a3a80451d

  • SHA256

    3ced58823f6d177c8d76d1964f35caece4fa2cb4c77748866ddb3203c9e2aa8f

  • SHA512

    155c9d5c95bad6a472c683aa5633fa7b8a4822f585b57d6aad07a68dadb0d13b97392664f11a05e71f0ab80c08d8dad374ad65adaccfa2a1c9d2c8a09074a551

  • SSDEEP

    49152:V+jbj7U9kfm3zPwmHnwtzK/lzFK0w25ovsbJzZPOzDT2:Q3jY9ku3zImHwtzK9o0wB0bazf2

Score
7/10
persistencespywarestealer

Malware Config

Targets

    • Target

      3ced58823f6d177c8d76d1964f35caece4fa2cb4c77748866ddb3203c9e2aa8f_NeikiAnalytics.exe

    • Size

      1.8MB

    • MD5

      5abc02950cbb99fb547063b73974d200

    • SHA1

      137524c5858a943792cdc94b9d41ab1a3a80451d

    • SHA256

      3ced58823f6d177c8d76d1964f35caece4fa2cb4c77748866ddb3203c9e2aa8f

    • SHA512

      155c9d5c95bad6a472c683aa5633fa7b8a4822f585b57d6aad07a68dadb0d13b97392664f11a05e71f0ab80c08d8dad374ad65adaccfa2a1c9d2c8a09074a551

    • SSDEEP

      49152:V+jbj7U9kfm3zPwmHnwtzK/lzFK0w25ovsbJzZPOzDT2:Q3jY9ku3zImHwtzK9o0wB0bazf2

    Score
    7/10
    persistencespywarestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks