General
Target: b6d204cf96e004b32efbeaae6852962b_NeikiAnalytics.exe
Size: 152KB
Sample: 240519-n4n77agc6y
MD5: b6d204cf96e004b32efbeaae6852962b
SHA1: 549abe4a13e5aa2c6f78b2e5dce3408641568c96
SHA256: 6b4f87b48c72cb08688413039bed57be6882933ead00949e7d85f582a504f1e8
SHA512: ed7293f46e23297876d176cfe97a9db4715f2328b5a505b129a39ff991ad9e6e9923453531c698cedc19db0aaf765c3510df2e074db0a42ea7191c22887b46f8
SSDEEP: 3072:321sD4b3JiD3GWguwp07jyAKR9G6yx9zwxqpoSEQYynmL:kcKWt75oqLY8mL
Static task: static1
Behavioral task: behavioral1
Sample: b6d204cf96e004b32efbeaae6852962b_NeikiAnalytics.exe
Resource: win7-20240508-en
Malware Config
Extracted: sality
Targets
Target: b6d204cf96e004b32efbeaae6852962b_NeikiAnalytics.exe
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Modify Registry (7)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)