General
-
Target
39c72065e14903fbc90f0a005a8728b0_NeikiAnalytics
-
Size
66KB
-
Sample
240509-p514taae5t
-
MD5
39c72065e14903fbc90f0a005a8728b0
-
SHA1
b89e02c99c15dbf71d05dc8017cfe184a535c99b
-
SHA256
20c06ea50de7ca03c5994203f4230eb7fc42df50032d6c04c8e8fc108242a516
-
SHA512
f103249256d2a4b6a073189745cbf8c186e6cf297e8612351cda233b032acc9c23fb4c89daafa24506356f95922e42f25721aaabbafdd0883ed2158fc08cc73b
-
SSDEEP
1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXiA:IeklMMYJhqezw/pXzH9iA
Malware Config
Targets
-
-
Target
39c72065e14903fbc90f0a005a8728b0_NeikiAnalytics
-
Size
66KB
-
MD5
39c72065e14903fbc90f0a005a8728b0
-
SHA1
b89e02c99c15dbf71d05dc8017cfe184a535c99b
-
SHA256
20c06ea50de7ca03c5994203f4230eb7fc42df50032d6c04c8e8fc108242a516
-
SHA512
f103249256d2a4b6a073189745cbf8c186e6cf297e8612351cda233b032acc9c23fb4c89daafa24506356f95922e42f25721aaabbafdd0883ed2158fc08cc73b
-
SSDEEP
1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXiA:IeklMMYJhqezw/pXzH9iA
Score10/10-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1