General
-
Target
49060e183cfd3d439b4b212a894bb720_NeikiAnalytics.exe
-
Size
97KB
-
Sample
240517-2rckhsfc25
-
MD5
49060e183cfd3d439b4b212a894bb720
-
SHA1
0c44e1d146e2293b280361c8bae3e8c24c97646d
-
SHA256
ce10e12543e9dd43c86677dc7c22f450e0b620e3ac9252ed6fcbf02f7d13a590
-
SHA512
066fccdea1b836940f917de4ab82efc86b67033fa16c8e3e7de9e9d1e224bf588a3497038e560d9c0574e7cd80b2fcf67cea1a5d5f2821b4c8be49c9f5e6f1ad
-
SSDEEP
1536:Hk9voeVR22LooOcIrSDaIFEaeY6HbViKeeM+JoDOWVjfwxfORVGBIcjZGjaQH:qVmolIr8xeY65LZUIx2qZZGj
Static task
static1
Behavioral task
behavioral1
Sample
49060e183cfd3d439b4b212a894bb720_NeikiAnalytics.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Target
49060e183cfd3d439b4b212a894bb720_NeikiAnalytics.exe
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
-
Defense Evasion
Modify Registry (5)
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (3)
Disable or Modify Tools (3)