General
- Target: 18201ab8fea5b6355f397e0f735fa830_NeikiAnalytics
- Size: 66KB
- Sample: 240511-th713ahe53
- MD5: 18201ab8fea5b6355f397e0f735fa830
- SHA1: 048e248dcfbec2ad904917b9b55fe1376b09de8b
- SHA256: 3c4e278e34855819d71854f04f4141075bb706d2592d979d3393f81bd5c5244d
- SHA512: b3438579f16b6e57e1704dbb117aec0a91cdd9e4c1eda7feda4be2f47896009fa4b465f56cfdb897f188106923fb826c5a429ab356984872f6a75bea39f38b24
- SSDEEP: 1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXih:IeklMMYJhqezw/pXzH9ih
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 18201ab8fea5b6355f397e0f735fa830_NeikiAnalytics.exe
  - Resource: win7-20240220-en

Behavioral task
- behavioral2
  - Sample: 18201ab8fea5b6355f397e0f735fa830_NeikiAnalytics.exe
  - Resource: win10v2004-20240508-en
Malware Config

Targets
- Target: 18201ab8fea5b6355f397e0f735fa830_NeikiAnalytics
- Size: 66KB
- MD5: 18201ab8fea5b6355f397e0f735fa830
- SHA1: 048e248dcfbec2ad904917b9b55fe1376b09de8b
- SHA256: 3c4e278e34855819d71854f04f4141075bb706d2592d979d3393f81bd5c5244d
- SHA512: b3438579f16b6e57e1704dbb117aec0a91cdd9e4c1eda7feda4be2f47896009fa4b465f56cfdb897f188106923fb826c5a429ab356984872f6a75bea39f38b24
- SSDEEP: 1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXih:IeklMMYJhqezw/pXzH9ih
- Score: 10/10
Signatures
- Detects BazaLoader malware
  BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (3)
    - Registry Run Keys / Startup Folder (2)
    - Winlogon Helper DLL (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (3)
    - Registry Run Keys / Startup Folder (2)
    - Winlogon Helper DLL (1)