5169f049a8d799f0f64901d974c29105ad117439c7dd3e3ea991841078d3ee67 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05ab502b0a68665de7fc494ed06e2ff0_NeikiAnalytics
Size

41KB
Sample

240513-xz7y6sbd42
MD5

05ab502b0a68665de7fc494ed06e2ff0
SHA1

24f191e0e001160d2bf6e8255600690efe8a9b80
SHA256

5169f049a8d799f0f64901d974c29105ad117439c7dd3e3ea991841078d3ee67
SHA512

9ad38efb0391f376daf2e416de47700c28990b660b17b7a6f7f91242ba5468dddd6ce342b676883621347f197a67935b8714fcc523f8f8c71d2fdf5bd34798cc
SSDEEP

768:+iZNPp0b5BbrMVUTBv6mkZ8jA7IwnDoSdB:+WNBGBrM6Fv6mkqyo8

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  05ab502b0a68665de7fc494ed06e2ff0_NeikiAnalytics
- Size
  
  41KB
- MD5
  
  05ab502b0a68665de7fc494ed06e2ff0
- SHA1
  
  24f191e0e001160d2bf6e8255600690efe8a9b80
- SHA256
  
  5169f049a8d799f0f64901d974c29105ad117439c7dd3e3ea991841078d3ee67
- SHA512
  
  9ad38efb0391f376daf2e416de47700c28990b660b17b7a6f7f91242ba5468dddd6ce342b676883621347f197a67935b8714fcc523f8f8c71d2fdf5bd34798cc
- SSDEEP
  
  768:+iZNPp0b5BbrMVUTBv6mkZ8jA7IwnDoSdB:+WNBGBrM6Fv6mkqyo8
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2