General
-
Target
751dd87e2d9386c084b1c5a37606f8e0_NeikiAnalytics
-
Size
66KB
-
Sample
240515-ed5mtafh6w
-
MD5
751dd87e2d9386c084b1c5a37606f8e0
-
SHA1
822c1b5e3bf75c4aaf3dc005ba1a39fb5432ed09
-
SHA256
62d7ffee1160f332be5a1031c236f0088f02a2915eb4c22dd3475a81f93ed219
-
SHA512
970c02f1ada79b3ea3e4ae4adbc5fca6a23f43e10b5faa4b2625c45927d9850a0228916dc549fef31498b2e1cb5462d0aefa97b5a870322fc01c22040829503f
-
SSDEEP
1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXi1:IeklMMYJhqezw/pXzH9i1
Malware Config
Targets
-
-
Target
751dd87e2d9386c084b1c5a37606f8e0_NeikiAnalytics
-
Size
66KB
-
MD5
751dd87e2d9386c084b1c5a37606f8e0
-
SHA1
822c1b5e3bf75c4aaf3dc005ba1a39fb5432ed09
-
SHA256
62d7ffee1160f332be5a1031c236f0088f02a2915eb4c22dd3475a81f93ed219
-
SHA512
970c02f1ada79b3ea3e4ae4adbc5fca6a23f43e10b5faa4b2625c45927d9850a0228916dc549fef31498b2e1cb5462d0aefa97b5a870322fc01c22040829503f
-
SSDEEP
1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXi1:IeklMMYJhqezw/pXzH9i1
Score10/10-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1