Overview

overview

9

Static

static

7

4b9dd759c9...cs.exe

windows7-x64

9

4b9dd759c9...cs.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4b9dd759c97fcb85fd45a3a5884b122b6a627c187e6bb8873d686c7f7d7b5ffb_NeikiAnalytics.exe

  • Size

    3.6MB

  • Sample

    240701-mrwk3axaka

  • MD5

    501462357d48a4ff3b742f44db5fc9d0

  • SHA1

    7eca3b7560fe83774d84dce9838512e31b21dbc3

  • SHA256

    4b9dd759c97fcb85fd45a3a5884b122b6a627c187e6bb8873d686c7f7d7b5ffb

  • SHA512

    afde5c1d8e4531c07780b1828b9ed55f234d4d67672d5305c33da90d1e56eb0bec39443d423a5f3861264e6fe05f3666c6915b3a2457817bcaa755572c96072d

  • SSDEEP

    98304:ICYU7jZ+FLOTb1Lq7oDH0w49sRLr3W5ONd:3v7jZkOXFiA0pOeOH

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      4b9dd759c97fcb85fd45a3a5884b122b6a627c187e6bb8873d686c7f7d7b5ffb_NeikiAnalytics.exe

    • Size

      3.6MB

    • MD5

      501462357d48a4ff3b742f44db5fc9d0

    • SHA1

      7eca3b7560fe83774d84dce9838512e31b21dbc3

    • SHA256

      4b9dd759c97fcb85fd45a3a5884b122b6a627c187e6bb8873d686c7f7d7b5ffb

    • SHA512

      afde5c1d8e4531c07780b1828b9ed55f234d4d67672d5305c33da90d1e56eb0bec39443d423a5f3861264e6fe05f3666c6915b3a2457817bcaa755572c96072d

    • SSDEEP

      98304:ICYU7jZ+FLOTb1Lq7oDH0w49sRLr3W5ONd:3v7jZkOXFiA0pOeOH

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks