542884dc487dacf92669b02071fdd7fd8b9dd2912e81490175703bb1c3061e22 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

542884dc487dacf92669b02071fdd7fd8b9dd2912e81490175703bb1c3061e22_NeikiAnalytics.exe
Size

64KB
Sample

240701-p9d5vashje
MD5

faaeca6e344b06341c546489a00d27f0
SHA1

5bf23bbe43206e7c60aa2e4a68e56dbee283555d
SHA256

542884dc487dacf92669b02071fdd7fd8b9dd2912e81490175703bb1c3061e22
SHA512

2d257c013bd8f5bfa80acf503bd67f0d8209e405f68d933ab740da54d76dcc314ac5a4df48e24f140ed384bd8f1823afec65b7a9c0aabfd8c83c24e74b4a3075
SSDEEP

1536:bQTIubHy5wQjNZgHLl7qJc2fiMIRZprDa8ibxBvH:u4wINaLlqy2MtDMBv

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  542884dc487dacf92669b02071fdd7fd8b9dd2912e81490175703bb1c3061e22_NeikiAnalytics.exe
- Size
  
  64KB
- MD5
  
  faaeca6e344b06341c546489a00d27f0
- SHA1
  
  5bf23bbe43206e7c60aa2e4a68e56dbee283555d
- SHA256
  
  542884dc487dacf92669b02071fdd7fd8b9dd2912e81490175703bb1c3061e22
- SHA512
  
  2d257c013bd8f5bfa80acf503bd67f0d8209e405f68d933ab740da54d76dcc314ac5a4df48e24f140ed384bd8f1823afec65b7a9c0aabfd8c83c24e74b4a3075
- SSDEEP
  
  1536:bQTIubHy5wQjNZgHLl7qJc2fiMIRZprDa8ibxBvH:u4wINaLlqy2MtDMBv
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2