General

  • Target

    8b0d6fa7c6440dc7f932c00911cb7b67f19af21cee5ed46b5f5970008e20cd76_NeikiAnalytics.exe

  • Size

    68KB

  • Sample

    240629-kcbw1atgjd

  • MD5

    f285bb29b6e4476df16c5dca03df7e30

  • SHA1

    3a2d1d3600487aefc3839f8873a3a388d8417fba

  • SHA256

    8b0d6fa7c6440dc7f932c00911cb7b67f19af21cee5ed46b5f5970008e20cd76

  • SHA512

    adfedad4d0476f0cc3b6eb5b1a51699f60ec0c72ad42740174594773f4e91ab2bf1f2e5782cac2c34ced3d76054cb0edb4e9aeb17290a3b17f6a33d31d8a7433

  • SSDEEP

    1536:ah2S7CNP4d+okkGbbXwwf0Q7X/7PeZVclN:ah2S7jdDGbbXFPKzY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

2.0.0

Botnet

Default

C2

webwhatsapp.cc:65503

Mutex

ShiningForceRatMutex_cs_cs_cs

Attributes
  • delay

    1

  • install

    true

  • install_file

    wps.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      8b0d6fa7c6440dc7f932c00911cb7b67f19af21cee5ed46b5f5970008e20cd76_NeikiAnalytics.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
