General
-
Target
a24bf56363a193abd0aad8ecaa5d9740_NeikiAnalytics.exe
-
Size
9.6MB
-
Sample
240617-r6q2caydjk
-
MD5
a24bf56363a193abd0aad8ecaa5d9740
-
SHA1
b5d06594e749025e9265b1d50077a1a083ad3152
-
SHA256
c6e5c86e7476b0d1440a710eb76136c294ad19f195574839437ed0d8c798f6a1
-
SHA512
f1593f5768dff4302257301b5f90633816e36052f5b834e8ac098b901fff353a01897d0b91c9298d4b5361cdde196667a82cbc749a7c6724114ce0a99a719a43
-
SSDEEP
196608:cDAg/8dPzQp5fo1Fu60xROhO+GQcfrO+Ce9LG3k+u7yjqzZj:u/89zkD6kwhojO+96Jpsj
Static task
static1
Behavioral task
behavioral1
Sample
a24bf56363a193abd0aad8ecaa5d9740_NeikiAnalytics.exe
Resource
win7-20240611-en
Malware Config
Targets
-
-
Target
a24bf56363a193abd0aad8ecaa5d9740_NeikiAnalytics.exe
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-