3d835a8259b8bd53f8db1813396ea04406d92e543a44146fb6e738c4b4400a9d | Triage

Submit
Reports

Overview

overview

7

Static

static

3

3d835a8259...cs.exe

windows7-x64

7

3d835a8259...cs.exe

windows10-2004-x64

1

Sharing

General

Target

3d835a8259b8bd53f8db1813396ea04406d92e543a44146fb6e738c4b4400a9d_NeikiAnalytics.exe
Size

10KB
Sample

240701-hnlt8sydla
MD5

66b238fde6288a0d080b19914a530720
SHA1

fdf0497777a34442e6f7be54d717f32ed74ba679
SHA256

3d835a8259b8bd53f8db1813396ea04406d92e543a44146fb6e738c4b4400a9d
SHA512

39405c8b4b081d2782e6241e421c8759aaf4c224acf62577e98d8acf736ab5e701388c4c912684c76aa6eeeaaee6f275926e17bcf964792df611561a58d847ca
SSDEEP

96:dwk8dCBjttW4/w14lyiEfULRtWjkPCJ8KawCxSCrmZYqvfucfSevzjD5g5vVE5vv:dwxCtttz/W4lyiEfUHkB8nwCxQDqzu5

Score

7^/10

collection persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3d835a8259b8bd53f8db1813396ea04406d92e543a44146fb6e738c4b4400a9d_NeikiAnalytics.exe

Resource

win7-20231129-en

collection persistence spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3d835a8259b8bd53f8db1813396ea04406d92e543a44146fb6e738c4b4400a9d_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  3d835a8259b8bd53f8db1813396ea04406d92e543a44146fb6e738c4b4400a9d_NeikiAnalytics.exe
- Size
  
  10KB
- MD5
  
  66b238fde6288a0d080b19914a530720
- SHA1
  
  fdf0497777a34442e6f7be54d717f32ed74ba679
- SHA256
  
  3d835a8259b8bd53f8db1813396ea04406d92e543a44146fb6e738c4b4400a9d
- SHA512
  
  39405c8b4b081d2782e6241e421c8759aaf4c224acf62577e98d8acf736ab5e701388c4c912684c76aa6eeeaaee6f275926e17bcf964792df611561a58d847ca
- SSDEEP
  
  96:dwk8dCBjttW4/w14lyiEfULRtWjkPCJ8KawCxSCrmZYqvfucfSevzjD5g5vVE5vv:dwxCtttz/W4lyiEfUHkB8nwCxQDqzu5
Score

7^/10

collection persistence spyware stealer
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

collectionpersistencespywarestealer

behavioral2

© 2018-2024

Terms | Privacy