2d409f9f4f7b7b316c54c94eee63ba644addd2ededcfe0570569eb05e79bfa68 | Triage

Sharing

General

Target

2d409f9f4f7b7b316c54c94eee63ba644addd2ededcfe0570569eb05e79bfa68_NeikiAnalytics.exe
Size

1.8MB
Sample

240701-cf9y7ssgke
MD5

eb2ddb50c55e8456187584e015160c60
SHA1

ccdbfe9845fb871b368b6e0403007ace6f7e2cb5
SHA256

2d409f9f4f7b7b316c54c94eee63ba644addd2ededcfe0570569eb05e79bfa68
SHA512

976ab2f68a9ee629820a0bda06cf919dd3961f2f76917b5d11ae890ae94e3410c70d5b19457ebb216b09b54cdbd7135e1fa0b743ed6b795b8ec67568b6954fa5
SSDEEP

49152:VKillvE2rP+7qn0jblvJt20YXiTs2PSDFV:o1enqJ3zYSAtDFV

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2d409f9f4f7b7b316c54c94eee63ba644addd2ededcfe0570569eb05e79bfa68_NeikiAnalytics.exe
- Size
  
  1.8MB
- MD5
  
  eb2ddb50c55e8456187584e015160c60
- SHA1
  
  ccdbfe9845fb871b368b6e0403007ace6f7e2cb5
- SHA256
  
  2d409f9f4f7b7b316c54c94eee63ba644addd2ededcfe0570569eb05e79bfa68
- SHA512
  
  976ab2f68a9ee629820a0bda06cf919dd3961f2f76917b5d11ae890ae94e3410c70d5b19457ebb216b09b54cdbd7135e1fa0b743ed6b795b8ec67568b6954fa5
- SSDEEP
  
  49152:VKillvE2rP+7qn0jblvJt20YXiTs2PSDFV:o1enqJ3zYSAtDFV
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer