Overview

overview

10

Static

static

3

715557e76f...KI.exe

windows7-x64

10

715557e76f...KI.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    715557e76fb3aed3e97c59c16a937270_NEIKI

  • Size

    456KB

  • Sample

    240508-12leqsce34

  • MD5

    715557e76fb3aed3e97c59c16a937270

  • SHA1

    4d7cd4f90edbe67e201a6623fd76c25bbac84480

  • SHA256

    d98eb832336e305e2662fece5f2592be37bbae7136a48ade1aaca292ca14d3ba

  • SHA512

    04a7c4a1fc783aa64dd3bc0172551c47cd7b30592ddb2cb646d0176cdb0a1a812c64fa0a3bc555faea6d46e1acd7e69b6a4fb0e932de6606ea45d61aa360b1ca

  • SSDEEP

    12288:inaKawSQQ+A1yS5Be1y/y/y8DJQ+RLapu:as0Ye0aa8DJ9Lapu

Score
10/10
adwarepersistencestealerupx

Malware Config

Targets

    • Target

      715557e76fb3aed3e97c59c16a937270_NEIKI

    • Size

      456KB

    • MD5

      715557e76fb3aed3e97c59c16a937270

    • SHA1

      4d7cd4f90edbe67e201a6623fd76c25bbac84480

    • SHA256

      d98eb832336e305e2662fece5f2592be37bbae7136a48ade1aaca292ca14d3ba

    • SHA512

      04a7c4a1fc783aa64dd3bc0172551c47cd7b30592ddb2cb646d0176cdb0a1a812c64fa0a3bc555faea6d46e1acd7e69b6a4fb0e932de6606ea45d61aa360b1ca

    • SSDEEP

      12288:inaKawSQQ+A1yS5Be1y/y/y8DJQ+RLapu:as0Ye0aa8DJ9Lapu

    Score
    10/10
    adwarepersistencestealerupx

    • Modifies WinLogon for persistence

      persistence

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks