General
-
Target
ad37c9927efe60afdef8b4e3914d3179670c8486442b0278a64efb37f0b65343_NeikiAnalytics.exe
-
Size
3.7MB
-
Sample
240629-qmv1hs1epq
-
MD5
92ac2326933c87f739c049886ee85640
-
SHA1
194aa044ee53a6ead50957c487ac19675f6c88c5
-
SHA256
ad37c9927efe60afdef8b4e3914d3179670c8486442b0278a64efb37f0b65343
-
SHA512
973a1676b950efd44fb0b716900cf31148d25bba1e8615101cdaa914b7a4653f97bfcef461df7b95be9882e0cb57dc59aadd93c30f7b4ea2b5f26999a2dcccf0
-
SSDEEP
98304:mhjuVfvlhRLi7xFm4Du9VdNqG2/c5sFnCukvYk:y+9jW9nDkVTqG29nCuJk
Behavioral task
behavioral1
Sample
ad37c9927efe60afdef8b4e3914d3179670c8486442b0278a64efb37f0b65343_NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
ad37c9927efe60afdef8b4e3914d3179670c8486442b0278a64efb37f0b65343_NeikiAnalytics.exe
-
Size
3.7MB
-
MD5
92ac2326933c87f739c049886ee85640
-
SHA1
194aa044ee53a6ead50957c487ac19675f6c88c5
-
SHA256
ad37c9927efe60afdef8b4e3914d3179670c8486442b0278a64efb37f0b65343
-
SHA512
973a1676b950efd44fb0b716900cf31148d25bba1e8615101cdaa914b7a4653f97bfcef461df7b95be9882e0cb57dc59aadd93c30f7b4ea2b5f26999a2dcccf0
-
SSDEEP
98304:mhjuVfvlhRLi7xFm4Du9VdNqG2/c5sFnCukvYk:y+9jW9nDkVTqG29nCuJk
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-