General
Target: 360664dbd5bb1fbc4493eee7bea66a97db20f7deabac57cbbeba455226ae5c01_NeikiAnalytics.exe
Size: 36KB
Sample: 240701-e98dkszdlr
MD5: 5f500bf425159642df0533f6cc76ad70
SHA1: 5b0f9d99b7c10092fa3579eee44dd4ef30a2e18d
SHA256: 360664dbd5bb1fbc4493eee7bea66a97db20f7deabac57cbbeba455226ae5c01
SHA512: e11d34dca0d0d73a1cd40e91574cda0cb4a0f70c6b1032713b5e22560fec3cbb1c38bb9aa7ff6bb4f2762454dfa2bd18cf12add1d847ef14d255ac8a9703cf9e
SSDEEP: 768:+mfjwQzmBOYMZeQEDNpPv0c3q7QZJxhJkn4l11uy:+mjzm8vzsEZaJxhS4Buy
Behavioral task: behavioral1
Sample: 360664dbd5bb1fbc4493eee7bea66a97db20f7deabac57cbbeba455226ae5c01_NeikiAnalytics.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 360664dbd5bb1fbc4493eee7bea66a97db20f7deabac57cbbeba455226ae5c01_NeikiAnalytics.exe
Resource: win10v2004-20240611-en
Malware Config
Targets

Target: 360664dbd5bb1fbc4493eee7bea66a97db20f7deabac57cbbeba455226ae5c01_NeikiAnalytics.exe
Size: 36KB
MD5: 5f500bf425159642df0533f6cc76ad70
SHA1: 5b0f9d99b7c10092fa3579eee44dd4ef30a2e18d
SHA256: 360664dbd5bb1fbc4493eee7bea66a97db20f7deabac57cbbeba455226ae5c01
SHA512: e11d34dca0d0d73a1cd40e91574cda0cb4a0f70c6b1032713b5e22560fec3cbb1c38bb9aa7ff6bb4f2762454dfa2bd18cf12add1d847ef14d255ac8a9703cf9e
SSDEEP: 768:+mfjwQzmBOYMZeQEDNpPv0c3q7QZJxhJkn4l11uy:+mjzm8vzsEZaJxhS4Buy

Signatures:
- Detect Blackmoon payload
- Gh0st RAT payload
- Creates a large amount of network flows. This may indicate a network scan to discover remotely running services.
- Downloads MZ/PE file
- Modifies Windows Firewall
- Server Software Component: Terminal Services DLL
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination. Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence:
- Create or Modify System Process: Windows Service (1)
- Server Software Component: Terminal Services DLL (1)
- Event Triggered Execution: Netsh Helper DLL (1)

Privilege Escalation:
- Create or Modify System Process: Windows Service (1)
- Event Triggered Execution: Netsh Helper DLL (1)