General

  • Target

    ab5d5afea2926b81471be684fbd1010a896ae85b5aef52001fe5f340f98a1263_NeikiAnalytics.exe

  • Size

    266KB

  • Sample

    240629-pl59eszhkq

  • MD5

    d4e7ed34298e33e0254e4c9ffec34bf0

  • SHA1

    664dee42a1951d81f61d5ea1446cdbcba677df70

  • SHA256

    ab5d5afea2926b81471be684fbd1010a896ae85b5aef52001fe5f340f98a1263

  • SHA512

    88716f13d00040bc05a7e2393d0fb2b83b75d5346e692cc27394a31d03731156e14c9d8fa372098e557e8f700d5d6ec5a624dd1e8440156f96d8850bee9e3254

  • SSDEEP

    3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sq:WFzDqa86hV6uRRqX1evPlwAEq

Malware Config

Targets

    • Target

      ab5d5afea2926b81471be684fbd1010a896ae85b5aef52001fe5f340f98a1263_NeikiAnalytics.exe

    • Size

      266KB

    • MD5

      d4e7ed34298e33e0254e4c9ffec34bf0

    • SHA1

      664dee42a1951d81f61d5ea1446cdbcba677df70

    • SHA256

      ab5d5afea2926b81471be684fbd1010a896ae85b5aef52001fe5f340f98a1263

    • SHA512

      88716f13d00040bc05a7e2393d0fb2b83b75d5346e692cc27394a31d03731156e14c9d8fa372098e557e8f700d5d6ec5a624dd1e8440156f96d8850bee9e3254

    • SSDEEP

      3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sq:WFzDqa86hV6uRRqX1evPlwAEq

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block-at-first-sight, etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks