Overview

overview

10

Static

static

3

3053f39320...cs.exe

windows7-x64

10

3053f39320...cs.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    3053f39320e0e0d7d8c776d1067c599736ac16b5c24a3e4ba7992bf991c0fa45_NeikiAnalytics

  • Size

    66KB

  • Sample

    240521-lvksashb2y

  • MD5

    b105f60607582574f11caf1e2aeb0cb0

  • SHA1

    4118aeaba2a85060baba2e2b048061fdd8962d72

  • SHA256

    3053f39320e0e0d7d8c776d1067c599736ac16b5c24a3e4ba7992bf991c0fa45

  • SHA512

    5500c191fc6093e133cdb4ef145373a16b7aa4087fc64e56b7e5fc83b73653992ead932f98f1cafddd543999890739facf0486460f75efe969c4aece9a8e6569

  • SSDEEP

    1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXiW:IeklMMYJhqezw/pXzH9iW

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      3053f39320e0e0d7d8c776d1067c599736ac16b5c24a3e4ba7992bf991c0fa45_NeikiAnalytics

    • Size

      66KB

    • MD5

      b105f60607582574f11caf1e2aeb0cb0

    • SHA1

      4118aeaba2a85060baba2e2b048061fdd8962d72

    • SHA256

      3053f39320e0e0d7d8c776d1067c599736ac16b5c24a3e4ba7992bf991c0fa45

    • SHA512

      5500c191fc6093e133cdb4ef145373a16b7aa4087fc64e56b7e5fc83b73653992ead932f98f1cafddd543999890739facf0486460f75efe969c4aece9a8e6569

    • SSDEEP

      1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXiW:IeklMMYJhqezw/pXzH9iW

    Score
    10/10
    evasionpersistencetrojan

    • Detects BazaLoader malware

      BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.

      trojan

    • Modifies WinLogon for persistence

      persistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Modifies Installed Components in the registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks