General
-
Target
3494a626c0aca2dfe5920be307bd75abb4dc958ff2cfc952a9bdfb084d616de9_NeikiAnalytics.exe
-
Size
4.8MB
-
Sample
240701-etqhtswckf
-
MD5
6781bc0cb695bed5e66e297ad8e37440
-
SHA1
8eb2a9293dd631eb2405f4a45fe74be0d89d7057
-
SHA256
3494a626c0aca2dfe5920be307bd75abb4dc958ff2cfc952a9bdfb084d616de9
-
SHA512
eba4bf0f62c8fa3f4b8fefe066563cfeea5b7f3357280db18664500596a1f45e3ff8cc8b5d4eaf437fa35048814f26722cf40fa0cf377f91b417fcbae0e347ca
-
SSDEEP
98304:3GlQZHMwG1wyVVjdqyTT1K/tw4QIgrpeanq9um39JQcuh16/eXD:3GliH0TY/tzgaJMh164
Static task
static1
Behavioral task
behavioral1
Sample
3494a626c0aca2dfe5920be307bd75abb4dc958ff2cfc952a9bdfb084d616de9_NeikiAnalytics.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
3494a626c0aca2dfe5920be307bd75abb4dc958ff2cfc952a9bdfb084d616de9_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
3494a626c0aca2dfe5920be307bd75abb4dc958ff2cfc952a9bdfb084d616de9_NeikiAnalytics.exe
-
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-