General
-
Target
3b94744c1af3863468425acb2d086870_NeikiAnalytics.exe
-
Size
732KB
-
Sample
240518-yfdfwscf26
-
MD5
3b94744c1af3863468425acb2d086870
-
SHA1
e8e04d433b325e7c6f7375ed90eb6f44bddb4a50
-
SHA256
7286faa87d9761ae37f4cd3122865b829f2cab42eff87a3ffba01047929e508a
-
SHA512
bf12103aa593d6a4d5fa8325c22f26487b718865c278dc1a740780490c6ac1438db082bfbfcf1847be18c449076c4cc3db7c1289a2104f84863cac348ca639e7
-
SSDEEP
12288:ITyjXW+48qWywrU4kGFezOAVuJ5PIqww7F5DO3HYff8vt8nF:GIXW/8yw1ez54lIUF5SXYH0+nF
Static task
static1
Behavioral task
behavioral1
Sample
3b94744c1af3863468425acb2d086870_NeikiAnalytics.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
3b94744c1af3863468425acb2d086870_NeikiAnalytics.exe
-
Size
732KB
-
MD5
3b94744c1af3863468425acb2d086870
-
SHA1
e8e04d433b325e7c6f7375ed90eb6f44bddb4a50
-
SHA256
7286faa87d9761ae37f4cd3122865b829f2cab42eff87a3ffba01047929e508a
-
SHA512
bf12103aa593d6a4d5fa8325c22f26487b718865c278dc1a740780490c6ac1438db082bfbfcf1847be18c449076c4cc3db7c1289a2104f84863cac348ca639e7
-
SSDEEP
12288:ITyjXW+48qWywrU4kGFezOAVuJ5PIqww7F5DO3HYff8vt8nF:GIXW/8yw1ez54lIUF5SXYH0+nF
-
Modifies firewall policy service
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
8Hide Artifacts
2Hidden Files and Directories
2Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3