General

  • Target

    b4d6e477b79f203e9947ad396600cbe0_NeikiAnalytics

  • Size

    181KB

  • Sample

    240514-kww2aahh49

  • MD5

    b4d6e477b79f203e9947ad396600cbe0

  • SHA1

    14a248eaf8b06cc856ddede3ae368a6c56f5fd35

  • SHA256

    2a8a7cba3daed23bfa7d19f945a573ce1f3349a92aa181d52832734c537e0738

  • SHA512

    17795d091d34ca0d6ce115bf169c2024ba6f1c08559f6c1f545783649d0bf6bceaaf2fc0065ce865bf6aaff5ac53691f7e8b40d82e09ce94df3ad0e62d1e8c30

  • SSDEEP

    3072:pDKW1LgppLRHMY0TBfJvjcTp5XZpa8nqeo7Qbeues6Y:pDKW1Lgbdl0TBBvjc/S81Sues

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Windows security modification

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                          Count  ID
  Persistence           Create or Modify System Process    1      T1543
                        Windows Service                    1      T1543.003
  Privilege Escalation  Create or Modify System Process    1      T1543
                        Windows Service                    1      T1543.003
  Defense Evasion       Modify Registry                    2      T1112
                        Impair Defenses                    2      T1562
                        Disable or Modify Tools            2      T1562.001

Tasks