General
Target: 816ffbc3ea2a50cbe5c19d3dce11d34a5e21d381a5559942ca077613a9a09c51_NeikiAnalytics.exe
Size: 112KB
Sample: 240627-m9ys5s1bjq
MD5: c1608deefd04931e2d76f9cfb781c5b0
SHA1: 0bf89552ca0ff47c4e63f231e3536fc8efd1c4b3
SHA256: 816ffbc3ea2a50cbe5c19d3dce11d34a5e21d381a5559942ca077613a9a09c51
SHA512: 57f27565e54042c8d63ce33d0f4daa9b65a8dc5daf4d309b0500ab804f654aa4d27346fdde2ceeb99b58db4e31b2bb275860d3acb34bccc5d24cf191f8dc2885
SSDEEP: 1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJ:tVIr7zI+fAceoGxSKKo5
Static task: static1
Behavioral task: behavioral1
  Sample: 816ffbc3ea2a50cbe5c19d3dce11d34a5e21d381a5559942ca077613a9a09c51_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 816ffbc3ea2a50cbe5c19d3dce11d34a5e21d381a5559942ca077613a9a09c51_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 816ffbc3ea2a50cbe5c19d3dce11d34a5e21d381a5559942ca077613a9a09c51_NeikiAnalytics.exe
Size: 112KB
Score: 10/10
ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext