General
-
Target
a1c1218525f33669d49554250f706700_NeikiAnalytics.exe
-
Size
120KB
-
Sample
240518-g31q9sfe77
-
MD5
a1c1218525f33669d49554250f706700
-
SHA1
c9a48f2fd0c8bd18af0dd1ad771b8e766fcaaf75
-
SHA256
01e34b2169285f69d303b23dfdbbd5afc61020ce8f2e5c07528b3bb34bebe03e
-
SHA512
e62e1736780ec356e3b2764627b6c4979c03239b641eb38eea5620bfd8370dc0a77767e5a45bedd236d6ec094c54435c79923c3d579e633a7bfe8914f4b111d9
-
SSDEEP
3072:dBABYC+RMU0A4F1UPcltAZznceTB5CYV:dBABz0+1UO+dpTnCK
Static task
static1
Behavioral task
behavioral1
Sample
a1c1218525f33669d49554250f706700_NeikiAnalytics.dll
Resource
win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Target
a1c1218525f33669d49554250f706700_NeikiAnalytics.exe
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Defense Evasion
Modify Registry (5)
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (3)
Disable or Modify Tools (3)