General
-
Target
ab5d5afea2926b81471be684fbd1010a896ae85b5aef52001fe5f340f98a1263_NeikiAnalytics.exe
-
Size
266KB
-
Sample
240629-pl59eszhkq
-
MD5
d4e7ed34298e33e0254e4c9ffec34bf0
-
SHA1
664dee42a1951d81f61d5ea1446cdbcba677df70
-
SHA256
ab5d5afea2926b81471be684fbd1010a896ae85b5aef52001fe5f340f98a1263
-
SHA512
88716f13d00040bc05a7e2393d0fb2b83b75d5346e692cc27394a31d03731156e14c9d8fa372098e557e8f700d5d6ec5a624dd1e8440156f96d8850bee9e3254
-
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sq:WFzDqa86hV6uRRqX1evPlwAEq
Static task
static1
Behavioral task
behavioral1
Sample
ab5d5afea2926b81471be684fbd1010a896ae85b5aef52001fe5f340f98a1263_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
ab5d5afea2926b81471be684fbd1010a896ae85b5aef52001fe5f340f98a1263_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
ab5d5afea2926b81471be684fbd1010a896ae85b5aef52001fe5f340f98a1263_NeikiAnalytics.exe
-
Size
266KB
-
MD5
d4e7ed34298e33e0254e4c9ffec34bf0
-
SHA1
664dee42a1951d81f61d5ea1446cdbcba677df70
-
SHA256
ab5d5afea2926b81471be684fbd1010a896ae85b5aef52001fe5f340f98a1263
-
SHA512
88716f13d00040bc05a7e2393d0fb2b83b75d5346e692cc27394a31d03731156e14c9d8fa372098e557e8f700d5d6ec5a624dd1e8440156f96d8850bee9e3254
-
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sq:WFzDqa86hV6uRRqX1evPlwAEq
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-