General
-
Target
deab413f65adeedf46f57630595dbd70_NeikiAnalytics.exe
-
Size
3.9MB
-
Sample
240518-sjev8shc7y
-
MD5
deab413f65adeedf46f57630595dbd70
-
SHA1
619a55ea0549fca4ba84c4fb8b5e15408a2d7ad8
-
SHA256
58046f2e25b0c8926213e4b5cf54658bebe4078e41ae94001821ddfb1202428e
-
SHA512
ffe8309b22d3b53956eff6362ea277c3fd652e850aad2c0b399f07b333b744f5e3152650cf96d70a9079b3df99948dc8cb3f4b99f11d12f0b83c4b05e73d9482
-
SSDEEP
24576:GIbGD2JTu0GoWQDbGV6eH8tkxIbGD2JTu0GoWQDbGV6eH8tkxIbGD2JTu0GoWQDW:7C0bNechC0bNechC0bNece
Malware Config
Targets
-
-
Target
deab413f65adeedf46f57630595dbd70_NeikiAnalytics.exe
-
Size
3.9MB
-
MD5
deab413f65adeedf46f57630595dbd70
-
SHA1
619a55ea0549fca4ba84c4fb8b5e15408a2d7ad8
-
SHA256
58046f2e25b0c8926213e4b5cf54658bebe4078e41ae94001821ddfb1202428e
-
SHA512
ffe8309b22d3b53956eff6362ea277c3fd652e850aad2c0b399f07b333b744f5e3152650cf96d70a9079b3df99948dc8cb3f4b99f11d12f0b83c4b05e73d9482
-
SSDEEP
24576:GIbGD2JTu0GoWQDbGV6eH8tkxIbGD2JTu0GoWQDbGV6eH8tkxIbGD2JTu0GoWQDW:7C0bNechC0bNechC0bNece
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1