72f70c10e2974c7dc542c82d36cbe6f455d9473cd38b040e3fdffd9732dc4785 | Triage

Sharing

General

Target

501e75d5d79689719552558dfa22a7c0_NEIKI
Size

70KB
Sample

240508-lrqjdagh64
MD5

501e75d5d79689719552558dfa22a7c0
SHA1

66d71612dd705dae316290595bc629c43da13cfc
SHA256

72f70c10e2974c7dc542c82d36cbe6f455d9473cd38b040e3fdffd9732dc4785
SHA512

c27b39225327d1ea1f1c922e29d1c778d3cac82bdb78e4f223a81acdc3557d1d079c03083511d79e807a93c253de238547158c32dccb1c5782291dac25d440ae
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8slh:Olg35GTslA5t3/w8A

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  501e75d5d79689719552558dfa22a7c0_NEIKI
- Size
  
  70KB
- MD5
  
  501e75d5d79689719552558dfa22a7c0
- SHA1
  
  66d71612dd705dae316290595bc629c43da13cfc
- SHA256
  
  72f70c10e2974c7dc542c82d36cbe6f455d9473cd38b040e3fdffd9732dc4785
- SHA512
  
  c27b39225327d1ea1f1c922e29d1c778d3cac82bdb78e4f223a81acdc3557d1d079c03083511d79e807a93c253de238547158c32dccb1c5782291dac25d440ae
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8slh:Olg35GTslA5t3/w8A
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan