General
-
Target
a3c64e52e7d5a52602a9af68a7d6a630_NeikiAnalytics.exe
-
Size
1015KB
-
Sample
240517-eqr79agg3t
-
MD5
a3c64e52e7d5a52602a9af68a7d6a630
-
SHA1
94e5e8a8befc15b8fc30fe429628391aa0465884
-
SHA256
a76cfe68e2df2450412ea3bd95d8e1df0bed4c01b375d0c5afee7e142e05f64d
-
SHA512
c5cb25f47443adecd9d8ec70dc5dec32bc2e17c98e53501445f3fe36a44b083b2fb45d08c6de559c2f7a5e0bc765b42ee1dae806c428284d4fdec5df5614d73d
-
SSDEEP
24576:H7z7G7ws7X71Fkx7I7+Kt47l7ZsZGC757q7g7O7hGLb47hGdb0Gd6zam8:H7z7G7ws7X71Fkx7I7+R7l7xC757qU77
Static task
static1
Behavioral task
behavioral1
Sample
a3c64e52e7d5a52602a9af68a7d6a630_NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Extracted
sality
Targets
-
Modifies firewall policy service
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process: 1
  Windows Service: 1
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1
Impair Defenses: 3
  Disable or Modify Tools: 3