General
-
Target
0c401bf3e30a32f61030f31e9a592050_NeikiAnalytics
-
Size
65KB
-
Sample
240514-w68nlsac4x
-
MD5
0c401bf3e30a32f61030f31e9a592050
-
SHA1
42ac1b81f07879df0631007318c45756ae1a49a1
-
SHA256
40d3413b280df0796276e55149db034cc9239b07547fa2a7c1e7f3ec88457985
-
SHA512
3d6be9840921a1b2cdbba0ad5bebd22fa32c45048337d48796b9e66670a27b76db5e2fb79ee8e98d9e9f0157c1a91d8a01825f8c9cc6535e2ee74bbe6f0c800d
-
SSDEEP
1536:ECq3yRuqrI01eArdW/O7JnI2e13XiLij40MkTUVqa/Ou3:7WNqkOJWmo1HpM0MkTUmu3
Static task
static1
Behavioral task
behavioral1
Sample
0c401bf3e30a32f61030f31e9a592050_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0c401bf3e30a32f61030f31e9a592050_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
0c401bf3e30a32f61030f31e9a592050_NeikiAnalytics
-
Score
10/10
-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)