General
Target: d465fac50566ebe39ab269f4e2ce1e60_NeikiAnalytics.exe
Size: 1.7MB
Sample: 240517-jqcj1sgf64
MD5: d465fac50566ebe39ab269f4e2ce1e60
SHA1: 82d42c87b1cb8d88355a7b14bfd4df8c3136907f
SHA256: 912d9c221640ffb590edb4b941ddbb813533d5a2e2b1ff5a550c523c1b7bfeb3
SHA512: 5b6e21cbbf298c82d02f061b29d1ae841d3c1841812a4241c78b15d55dbdf024ca31c4ee6c5e4843da2e5681af9012159b4a55c3b08635ed9e7fe7932fa30f56
SSDEEP: 49152:+Qrth7VaHBIW2Y4exvJIvIrdMsJq7vBw2GoNNDjLK/:+g6fT4exM+MsMvFNNm
Static task
static1
Behavioral task
behavioral1
Sample
d465fac50566ebe39ab269f4e2ce1e60_NeikiAnalytics.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target
d465fac50566ebe39ab269f4e2ce1e60_NeikiAnalytics.exe
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Create or Modify System Process: 1
  Windows Service: 1
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1
Impair Defenses: 3
  Disable or Modify Tools: 3