General
-
Target
76e2bed69e1bdd9581e3d5a9fe0960b0_NeikiAnalytics.exe
-
Size
1.8MB
-
Sample
240518-cylpbsgb2z
-
MD5
76e2bed69e1bdd9581e3d5a9fe0960b0
-
SHA1
4aa4e026c84181170baad0c95aa731ea479eb8c9
-
SHA256
e4cd1f144335d2d0d18205aa25bc81a137a410473037a3e5c3a6ad237d3fd208
-
SHA512
a9c87a3705741fac7c3a8b5aba815b30aa2baec7c5b8157c5d9bb79a7233d04b6949c935f8e7df781a9801a858468c48a75e4fcacf9cabd5cf8cf8eb7c8f83d1
-
SSDEEP
12288:L99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN5A7W2FeDSIGVH/KIDgt:J1gg4CppEI6GGfWDkIQDbGV6eH81kq
Behavioral task
behavioral1
Sample
76e2bed69e1bdd9581e3d5a9fe0960b0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
76e2bed69e1bdd9581e3d5a9fe0960b0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
76e2bed69e1bdd9581e3d5a9fe0960b0_NeikiAnalytics.exe
-
Size
1.8MB
-
MD5
76e2bed69e1bdd9581e3d5a9fe0960b0
-
SHA1
4aa4e026c84181170baad0c95aa731ea479eb8c9
-
SHA256
e4cd1f144335d2d0d18205aa25bc81a137a410473037a3e5c3a6ad237d3fd208
-
SHA512
a9c87a3705741fac7c3a8b5aba815b30aa2baec7c5b8157c5d9bb79a7233d04b6949c935f8e7df781a9801a858468c48a75e4fcacf9cabd5cf8cf8eb7c8f83d1
-
SSDEEP
12288:L99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN5A7W2FeDSIGVH/KIDgt:J1gg4CppEI6GGfWDkIQDbGV6eH81kq
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1