General

  • Target

    31ed34a52cbc233f7d610b6cf0239661bb0bd843d1c7d482e4e546b194a19b35_NeikiAnalytics.exe

  • Size

    90KB

  • Sample

    240701-dy81asvdje

  • MD5

    13eff7025902a43d033a7dd6bc94d800

  • SHA1

    2051a81c87c5a738b86f93f03dc489bc8dcd1c60

  • SHA256

    31ed34a52cbc233f7d610b6cf0239661bb0bd843d1c7d482e4e546b194a19b35

  • SHA512

    e818bc3b480968ff31f70f7160d62cf4b4042730e1bbc4d186b059d72279bb99f70a25b7de45eac4ea52f11b9ca80343030c110bbea6ab3ca32baece5b9b43ee

  • SSDEEP

    1536:t3x85+Ks2gc/Ndu0PaxkawA5f2DkZoWdxcO6z/nCmbuFYlCVu6xw5:th85+KsoN00Cxp92D32xx6z/nC+CVm

Malware Config

Targets

    • Target

      31ed34a52cbc233f7d610b6cf0239661bb0bd843d1c7d482e4e546b194a19b35_NeikiAnalytics.exe

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Privilege Escalation

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Credential Access

    T1552 Unsecured Credentials (1)
    T1552.001 Credentials In Files (1)

  • Collection

    T1005 Data from Local System (1)

Tasks