Overview

overview

9

Static

static

7

9f2758d71d...cs.dll

windows7-x64

9

9f2758d71d...cs.dll

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9f2758d71d7ca217347196941b5a39a03d2d1015fcd9a126693099d3c8c79378_NeikiAnalytics.exe

  • Size

    3.0MB

  • Sample

    240629-meastsycpq

  • MD5

    fe8cf52207d4347cf7af77588e8fb810

  • SHA1

    1f9f9ec334d4c4df532955a54e58dba34fd50396

  • SHA256

    9f2758d71d7ca217347196941b5a39a03d2d1015fcd9a126693099d3c8c79378

  • SHA512

    81af900021dcaa193858c796d7a86b2c0ba6bf3fc0b0e4453efc1195bae64bc28260dfba26d428b04bc19470fff47572d5fad4183fca64882a331c7bb7dff49c

  • SSDEEP

    49152:jgSIO8RoCxgUnQ8FImHbChCsdFcl5vdMat9gVgpHDplFnWo5uAYz1DAMWBEDY2Pe:jgXxoCxgUnQjmHb0LTcl5dZt99lFWo/X

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      9f2758d71d7ca217347196941b5a39a03d2d1015fcd9a126693099d3c8c79378_NeikiAnalytics.exe

    • Size

      3.0MB

    • MD5

      fe8cf52207d4347cf7af77588e8fb810

    • SHA1

      1f9f9ec334d4c4df532955a54e58dba34fd50396

    • SHA256

      9f2758d71d7ca217347196941b5a39a03d2d1015fcd9a126693099d3c8c79378

    • SHA512

      81af900021dcaa193858c796d7a86b2c0ba6bf3fc0b0e4453efc1195bae64bc28260dfba26d428b04bc19470fff47572d5fad4183fca64882a331c7bb7dff49c

    • SSDEEP

      49152:jgSIO8RoCxgUnQ8FImHbChCsdFcl5vdMat9gVgpHDplFnWo5uAYz1DAMWBEDY2Pe:jgXxoCxgUnQjmHb0LTcl5dZt99lFWo/X

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks