General
-
Target
c91f40258886d933218397b1ffda1150_NeikiAnalytics.exe
-
Size
307KB
-
Sample
240519-qnth3sac69
-
MD5
c91f40258886d933218397b1ffda1150
-
SHA1
07768258b71eaa59976f8aa732a0a0cdcbd376f2
-
SHA256
910a6350a191dc05080476edd8865f07a99eda54f33e58dad0e3ef8109414942
-
SHA512
bac43cec38fe8bafc6cd88055ccd350e6790c241a3ad1dc15e2a4d421ffb4bb703b5bd5eb5e2ff9f1c998b4ba3a97914f6a9876e9a53e05ece49cf5c50c18e4a
-
SSDEEP
6144:+vEN2U+T6i5LirrllHy4HUcMQY6i16h1Zfw5Rgsz6vkhEb:AENN+T5xYrllrU7QY6Rh1q5Rgbxb
Static task
static1
Behavioral task
behavioral1
Sample
c91f40258886d933218397b1ffda1150_NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
c91f40258886d933218397b1ffda1150_NeikiAnalytics.exe
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies visibility of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
    Boot or Logon Autostart Execution (3)
        Registry Run Keys / Startup Folder (2)
        Winlogon Helper DLL (1)
    Create or Modify System Process (1)
        Windows Service (1)
Privilege Escalation
    Boot or Logon Autostart Execution (3)
        Registry Run Keys / Startup Folder (2)
        Winlogon Helper DLL (1)
    Create or Modify System Process (1)
        Windows Service (1)
    Abuse Elevation Control Mechanism (1)
        Bypass User Account Control (1)
Defense Evasion
    Modify Registry (9)
    Hide Artifacts (1)
        Hidden Files and Directories (1)
    Abuse Elevation Control Mechanism (1)
        Bypass User Account Control (1)
    Impair Defenses (3)
        Disable or Modify Tools (3)