General
-
Target
4135ddedb39ada6eed9cea0f5faf147e75ecb0c3f98c59e4aacdedd722aa03ff_NeikiAnalytics.exe
-
Size
128KB
-
Sample
240701-jqw9estclm
-
MD5
d2241d3028644d93460b60b6158ff6b0
-
SHA1
55e4ee338831f9e337002d486a6983b9d70b1798
-
SHA256
4135ddedb39ada6eed9cea0f5faf147e75ecb0c3f98c59e4aacdedd722aa03ff
-
SHA512
14d9ac6a5bd19d8def3940b052c84627610d24e475f0c9912c2cbf637699c45dc1739489f640bc20600a8cceaccef3d79d376802b8790adcee5cb0bbca249b06
-
SSDEEP
3072:gkF3p3tkF3pxn4d66lpL7Id5n8egTnpBA6ad1:tFpKFpx+lpfIX8eIpBn+1
Static task
static1
Behavioral task
behavioral1
Sample
4135ddedb39ada6eed9cea0f5faf147e75ecb0c3f98c59e4aacdedd722aa03ff_NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
4135ddedb39ada6eed9cea0f5faf147e75ecb0c3f98c59e4aacdedd722aa03ff_NeikiAnalytics.exe
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
MITRE ATT&CK Matrix
ATT&CK v13
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1