General
-
Target
f4dca5edb642d465aa7a548f258771c0_NEIKI
-
Size
91KB
-
Sample
240508-g4gpsaeh9v
-
MD5
f4dca5edb642d465aa7a548f258771c0
-
SHA1
3cad7a5964de5851b2979614aa7ea3379ecea3be
-
SHA256
8d35a585ca0c8698415bbfe220221003067dcbcf6da9ec0b3bf9b6573c1f1aae
-
SHA512
538f55fea2398c22ddc70940303a7dfd7848e339670beb55c185a4fda7eb3d3f5301849f79161ac5be321b6ebce9bd150ba2888e1799fd05915686d5d75e4d1d
-
SSDEEP
1536:FAwEmBGz1lNNqDaG0PoxhlzmFAwEmBGz1lNNqDaG0PoxhlzmR:FGmUXNQDaG0A8FGmUXNQDaG0A8R
Static task
static1
Behavioral task
behavioral1
Sample
f4dca5edb642d465aa7a548f258771c0_NEIKI.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
f4dca5edb642d465aa7a548f258771c0_NEIKI.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
f4dca5edb642d465aa7a548f258771c0_NEIKI
-
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Modifies visibility of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables use of System Restore points
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Event Triggered Execution (1)
Change Default File Association (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Event Triggered Execution (1)
Change Default File Association (1)