General
Target: 1cea1b0ce3822658c165bcb1c80929b0_NeikiAnalytics.exe
Size: 4.5MB
Sample: 240518-22lwyadc26
MD5: 1cea1b0ce3822658c165bcb1c80929b0
SHA1: 9bd12ce0d114447cbcfb68aa8429f51d4b08c797
SHA256: 134cc82d1702f6af49b36b9404a26069bd655bbd1a7659c9412f85be2a502532
SHA512: 14123a26a2fc3846c9e8b87d4d215b08c61c024e688a023fa20d168ee807a3a8589935bc596aa0fa1bc82453a043fae363049cd51a955de73edd9ec3a56486c3
SSDEEP: 24576:K1gg4CppEI6GGfWDkOQDbGV6eH8tkxIbGD2JTu0GoWQDbGV6eH8tkxIbGD2JTu0L:K1XP6rPbNechC0bNechC0bNecl
Behavioral task: behavioral1
Sample: 1cea1b0ce3822658c165bcb1c80929b0_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 1cea1b0ce3822658c165bcb1c80929b0_NeikiAnalytics.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 1cea1b0ce3822658c165bcb1c80929b0_NeikiAnalytics.exe
Score: 10/10
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Modifies Installed Components in the registry
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution (3)
  Registry Run Keys / Startup Folder (2)
  Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
  Registry Run Keys / Startup Folder (2)
  Winlogon Helper DLL (1)