General
-
Target
8b0d6fa7c6440dc7f932c00911cb7b67f19af21cee5ed46b5f5970008e20cd76_NeikiAnalytics.exe
-
Size
68KB
-
Sample
240629-kcbw1atgjd
-
MD5
f285bb29b6e4476df16c5dca03df7e30
-
SHA1
3a2d1d3600487aefc3839f8873a3a388d8417fba
-
SHA256
8b0d6fa7c6440dc7f932c00911cb7b67f19af21cee5ed46b5f5970008e20cd76
-
SHA512
adfedad4d0476f0cc3b6eb5b1a51699f60ec0c72ad42740174594773f4e91ab2bf1f2e5782cac2c34ced3d76054cb0edb4e9aeb17290a3b17f6a33d31d8a7433
-
SSDEEP
1536:ah2S7CNP4d+okkGbbXwwf0Q7X/7PeZVclN:ah2S7jdDGbbXFPKzY
Behavioral task
behavioral1
Sample
8b0d6fa7c6440dc7f932c00911cb7b67f19af21cee5ed46b5f5970008e20cd76_NeikiAnalytics.exe
Resource
win7-20240220-en
Malware Config
Extracted
asyncrat
2.0.0
Default
webwhatsapp.cc:65503
ShiningForceRatMutex_cs_cs_cs
-
delay
1
-
install
true
-
install_file
wps.exe
-
install_folder
%AppData%
Targets
-
-
Target
8b0d6fa7c6440dc7f932c00911cb7b67f19af21cee5ed46b5f5970008e20cd76_NeikiAnalytics.exe
-
Size
68KB
-
MD5
f285bb29b6e4476df16c5dca03df7e30
-
SHA1
3a2d1d3600487aefc3839f8873a3a388d8417fba
-
SHA256
8b0d6fa7c6440dc7f932c00911cb7b67f19af21cee5ed46b5f5970008e20cd76
-
SHA512
adfedad4d0476f0cc3b6eb5b1a51699f60ec0c72ad42740174594773f4e91ab2bf1f2e5782cac2c34ced3d76054cb0edb4e9aeb17290a3b17f6a33d31d8a7433
-
SSDEEP
1536:ah2S7CNP4d+okkGbbXwwf0Q7X/7PeZVclN:ah2S7jdDGbbXFPKzY
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-