General
-
Target
c721018e765d9d44f393cf0e3d5fc1d0_NEIKI
-
Size
201KB
-
Sample
240509-cecbjscc2t
-
MD5
c721018e765d9d44f393cf0e3d5fc1d0
-
SHA1
9738e4623998d14370a2cd01b4161c47d2b75ecc
-
SHA256
413ab16aa824a9999a31041fe459899ab7d1812de05c46a85f79f55974db01a5
-
SHA512
3e86bc668c23c46502076264d1a7112990ea5a235cef53592e3852ec970d745cd786f888133171e1dbe62622f320fb9149cdf45cd74f97f4ef034a25ec0a5b24
-
SSDEEP
3072:KXKQes5NFeoeo5n2TtP2/aRqGT5AgzTf7B/Tt+G/Tt+6lRlMQGwWv:cLxrnC2/8TuE7B/B+G/B+6lRlnhQ
Malware Config
Targets
-
-
Target
c721018e765d9d44f393cf0e3d5fc1d0_NEIKI
-
Size
201KB
-
MD5
c721018e765d9d44f393cf0e3d5fc1d0
-
SHA1
9738e4623998d14370a2cd01b4161c47d2b75ecc
-
SHA256
413ab16aa824a9999a31041fe459899ab7d1812de05c46a85f79f55974db01a5
-
SHA512
3e86bc668c23c46502076264d1a7112990ea5a235cef53592e3852ec970d745cd786f888133171e1dbe62622f320fb9149cdf45cd74f97f4ef034a25ec0a5b24
-
SSDEEP
3072:KXKQes5NFeoeo5n2TtP2/aRqGT5AgzTf7B/Tt+G/Tt+6lRlMQGwWv:cLxrnC2/8TuE7B/B+G/B+6lRlnhQ
Score10/10-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Modifies WinLogon
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Browser Extensions
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Event Triggered Execution
1Change Default File Association
1