General
-
Target
35b63e2651d67b817e0dfb73e57bfab1d309536482904e310dc624ea3543dd4f_NeikiAnalytics
-
Size
1.8MB
-
Sample
240521-mev4rsaa5w
-
MD5
745bf86147d8971791dffabd3d6b15e0
-
SHA1
53870b0751f9caba2886810f71935e54e5ed8676
-
SHA256
35b63e2651d67b817e0dfb73e57bfab1d309536482904e310dc624ea3543dd4f
-
SHA512
cfd01deb56a89fdca2a60cc1058ef915e9e33b5b47d62f827b232e1887e0f432c530eec6b0aeb99313003db1964651df5dcc305a91bb2cdf70ed88a70738000e
-
SSDEEP
12288:L99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN5A7W2FeDSIGVH/KIDgj:J1gg4CppEI6GGfWDkIQDbGV6eH81ke
Behavioral task
behavioral1
Sample
35b63e2651d67b817e0dfb73e57bfab1d309536482904e310dc624ea3543dd4f_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
35b63e2651d67b817e0dfb73e57bfab1d309536482904e310dc624ea3543dd4f_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
35b63e2651d67b817e0dfb73e57bfab1d309536482904e310dc624ea3543dd4f_NeikiAnalytics
-
Size
1.8MB
-
MD5
745bf86147d8971791dffabd3d6b15e0
-
SHA1
53870b0751f9caba2886810f71935e54e5ed8676
-
SHA256
35b63e2651d67b817e0dfb73e57bfab1d309536482904e310dc624ea3543dd4f
-
SHA512
cfd01deb56a89fdca2a60cc1058ef915e9e33b5b47d62f827b232e1887e0f432c530eec6b0aeb99313003db1964651df5dcc305a91bb2cdf70ed88a70738000e
-
SSDEEP
12288:L99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN5A7W2FeDSIGVH/KIDgj:J1gg4CppEI6GGfWDkIQDbGV6eH81ke
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1