Overview

overview

7

Static

static

3

b4d2f29b96...cs.exe

windows7-x64

7

b4d2f29b96...cs.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    b4d2f29b960c8c1a055b279dc277ed1a0cbe8b60e842a15f80a37094fc3cda20_NeikiAnalytics.exe

  • Size

    1.8MB

  • Sample

    240629-vwas6avekr

  • MD5

    067d5d1049f93fce2f9ebe054981cd70

  • SHA1

    9d7b82e81174af585da7426b1bda4ca5a4f58817

  • SHA256

    b4d2f29b960c8c1a055b279dc277ed1a0cbe8b60e842a15f80a37094fc3cda20

  • SHA512

    66a4066f16c87a2fa70f74cfbdc61031b18e6b4522c29aebde97aee5e520299e9500b0b4b4e3dfb7859f335788cff4403aeabe21dff4aa4adefffa39b9e519fe

  • SSDEEP

    49152:VpxDOJ/VKzALe8NPhHHsMsJ+/UN1VrEcf9iTHinc3Zc:DlI/CzgPdK15rE6YTHinic

Score
7/10
persistencespywarestealer

Malware Config

Targets

    • Target

      b4d2f29b960c8c1a055b279dc277ed1a0cbe8b60e842a15f80a37094fc3cda20_NeikiAnalytics.exe

    • Size

      1.8MB

    • MD5

      067d5d1049f93fce2f9ebe054981cd70

    • SHA1

      9d7b82e81174af585da7426b1bda4ca5a4f58817

    • SHA256

      b4d2f29b960c8c1a055b279dc277ed1a0cbe8b60e842a15f80a37094fc3cda20

    • SHA512

      66a4066f16c87a2fa70f74cfbdc61031b18e6b4522c29aebde97aee5e520299e9500b0b4b4e3dfb7859f335788cff4403aeabe21dff4aa4adefffa39b9e519fe

    • SSDEEP

      49152:VpxDOJ/VKzALe8NPhHHsMsJ+/UN1VrEcf9iTHinc3Zc:DlI/CzgPdK15rE6YTHinic

    Score
    7/10
    persistencespywarestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks