d21f40564744db456e95e788a9768798577feae1dbdb70ebb9842b43feff6daa | Triage

Sharing

General

Target

5a0c12ac053e66852ca6d111a216a940_NeikiAnalytics
Size

124KB
Sample

240510-dtg11sba69
MD5

5a0c12ac053e66852ca6d111a216a940
SHA1

c140c6544fb44f31becc620b8c2f2f8b0fd31bdf
SHA256

d21f40564744db456e95e788a9768798577feae1dbdb70ebb9842b43feff6daa
SHA512

ec45a233f79772dc2887236c733e54e8af2c8cde7510b2a7601949d6ad4bd9489afed6bc497905bdc773308a2d2006e4724d41688a6af558ac666b73dd894da7
SSDEEP

1536:vjmMW0owZMnS1wjkHWrHUdPSGAq1O5LWnouy8m:vFW0VqSmI2jUKmOtmout

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  5a0c12ac053e66852ca6d111a216a940_NeikiAnalytics
- Size
  
  124KB
- MD5
  
  5a0c12ac053e66852ca6d111a216a940
- SHA1
  
  c140c6544fb44f31becc620b8c2f2f8b0fd31bdf
- SHA256
  
  d21f40564744db456e95e788a9768798577feae1dbdb70ebb9842b43feff6daa
- SHA512
  
  ec45a233f79772dc2887236c733e54e8af2c8cde7510b2a7601949d6ad4bd9489afed6bc497905bdc773308a2d2006e4724d41688a6af558ac666b73dd894da7
- SSDEEP
  
  1536:vjmMW0owZMnS1wjkHWrHUdPSGAq1O5LWnouy8m:vFW0VqSmI2jUKmOtmout
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan