General
Target: 4cdb8cc0837ad94a9b5e246bdef5ef13bf423c6c6dc7b111d0966ef68a81b892_NeikiAnalytics.exe
Size: 689KB
Sample: 240701-m436nsxgkb
MD5: 2f89f3acf9e0cda3475a64a577618ef0
SHA1: 64e8d2ce1514ab35101d30f6d316fa2266728722
SHA256: 4cdb8cc0837ad94a9b5e246bdef5ef13bf423c6c6dc7b111d0966ef68a81b892
SHA512: fae512a7b4bd514bcd708c871ec5697a1a5f362250d4d377bd03c98592582390ce8e578e2e76dc750c925918fe917de9f165b2457acca73dcdec0e97d4b5e104
SSDEEP: 12288:fGp6YuDccm04mfUVXYveOauvtfnB8E7fT3B/oG2hlDLFkzkMKXI:fXYi4m8VrOLtvjfTClDBkzkMKXI
Static task: static1

Behavioral task: behavioral1
Sample: 4cdb8cc0837ad94a9b5e246bdef5ef13bf423c6c6dc7b111d0966ef68a81b892_NeikiAnalytics.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 4cdb8cc0837ad94a9b5e246bdef5ef13bf423c6c6dc7b111d0966ef68a81b892_NeikiAnalytics.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted family: snakekeylogger
Extracted URL: http://103.130.147.85
Targets
Target: 4cdb8cc0837ad94a9b5e246bdef5ef13bf423c6c6dc7b111d0966ef68a81b892_NeikiAnalytics.exe (size and hashes as listed under General)
Signatures:
Snake Keylogger payload
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext