General
-
Target
4e61c25d6ef620a0b4c800091860cdc38928f2ec75e2097700d4d94cc0f87265_NeikiAnalytics.exe
-
Size
232KB
-
Sample
240701-nlal3sscql
-
MD5
60e907c5d3c0aa96e45b8db5d2a2ca80
-
SHA1
2e23304cf254c39bbfae227a6c7dde34eedbbc3c
-
SHA256
4e61c25d6ef620a0b4c800091860cdc38928f2ec75e2097700d4d94cc0f87265
-
SHA512
1ea98aadd284ce7222c488ca32f69eb422532d5682e17453b199b5dcec9318da7bfe6667bc87bff46460881e39ab28d254d6675eb0dd9c06f22a02c5bf204fa4
-
SSDEEP
6144:VDubaBBOBIIj6HLLYLCYJqvc1Do8powyVUHbAwOEUoB:wbab8pd
Behavioral task
behavioral1
Sample
4e61c25d6ef620a0b4c800091860cdc38928f2ec75e2097700d4d94cc0f87265_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
4e61c25d6ef620a0b4c800091860cdc38928f2ec75e2097700d4d94cc0f87265_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot7423164379:AAFflVsuq0BrKEG_Lh8KPIRPN6rHeW4a7oo/sendMessage?chat_id=7472532856
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
Target
4e61c25d6ef620a0b4c800091860cdc38928f2ec75e2097700d4d94cc0f87265_NeikiAnalytics.exe
(same file as in the General section above; hashes are listed there)
-
StormKitty payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
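The last two signatures describe a sequence that is easy to hunt for in proxy logs: a request to a public IP or geolocation lookup service followed shortly afterwards by a POST to the Telegram Bot API. The script below is an added example, not part of the report; it assumes a simple whitespace-separated proxy log format, and the list of lookup services is an assumption (the report does not name the service this sample used), so tune it to the services seen in your own environment. The log lines are constructed and the bot ids are placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed list of widely used public IP / geolocation lookup services. The report
# does not name which one the sample used, so tune this to your own proxy data.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "ipinfo.io", "ip-api.com", "ipapi.co", "ipwho.is",
    "ifconfig.me", "icanhazip.com", "checkip.amazonaws.com",
}
EXFIL_DOMAINS = {"api.telegram.org"}

# Constructed proxy log: "<utc timestamp> <source host> <destination> <method> <path>"
SAMPLE_LOG = """\
2024-07-01T13:02:10Z WS-0142 api.ipify.org GET /?format=json
2024-07-01T13:02:11Z WS-0142 ip-api.com GET /json/
2024-07-01T13:02:14Z WS-0142 api.telegram.org POST /bot123456789:AAFplaceholderTokenValue/sendMessage
2024-07-01T13:05:00Z WS-0077 ipinfo.io GET /json
2024-07-01T13:06:00Z WS-0099 www.example.com GET /
2024-07-01T13:30:00Z WS-0077 api.telegram.org POST /bot555000111:BBBotherPlaceholder/sendMessage
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")
BOT_ID_RE = re.compile(r"^/bot(\d+):")


def parse_log(text):
    """Parse the constructed log format into event dicts with datetime timestamps."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the hunt
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append({"ts": ts, "host": m.group(2), "dst": m.group(3),
                       "method": m.group(4), "path": m.group(5)})
    return events


def find_stealer_sequences(events, window=timedelta(minutes=10)):
    """Flag hosts that query an IP/geo lookup service and, within `window`,
    POST to a Telegram Bot API endpoint: the profile-then-exfiltrate sequence
    the signatures above describe."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host[e["host"]].append(e)
    hits = []
    for host, evs in by_host.items():
        lookups = [e for e in evs if e["dst"] in IP_LOOKUP_DOMAINS]
        exfils = [e for e in evs
                  if e["dst"] in EXFIL_DOMAINS and e["method"] == "POST"
                  and BOT_ID_RE.match(e["path"])]
        for x in exfils:
            prior = [l for l in lookups
                     if timedelta(0) <= x["ts"] - l["ts"] <= window]
            if prior:
                hits.append({
                    "host": host,
                    "lookups": sorted({l["dst"] for l in prior}),
                    "exfil_ts": x["ts"].isoformat(),
                    "bot_id": BOT_ID_RE.match(x["path"]).group(1),
                })
    return hits


if __name__ == "__main__":
    for hit in find_stealer_sequences(parse_log(SAMPLE_LOG)):
        print(hit)
```

A lookup on its own is too noisy to alert on (plenty of legitimate software checks its public IP), which is why the rule keys on the ordered pair within a short window; the bot id pulled from the path is what you hand to Telegram for takedown and what you pivot on across hosts.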