Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
56c3dabbbd485afe3acf887ae7e16800_NeikiAnalytics.exe
-
Size
65KB
-
Sample
240522-3dfkpada3s
-
MD5
56c3dabbbd485afe3acf887ae7e16800
-
SHA1
d76794906b1d67a37b9eebd6930bfcbf96650307
-
SHA256
10ce4f31a43caf61cf34e781a0065709db62134b777713e7e0b5fb0bc2c996c0
-
SHA512
ae25ce7bf009625272bf4712678de75b886f73eeff28de7b3f22d2936d5939d7c68ca00c4e087079255f0dab50112f755ce70806ad9f95b5fd8d4066ebfe0c3c
-
SSDEEP
1536:ECq3yRuqrI01eArdW/O7JnI2e13XiLij40MkTUVqa/OuGFFFFFFFFFFFFFFFFFFB:7WNqkOJWmo1HpM0MkTUmu8
Malware Config
Targets
-
-
Target
56c3dabbbd485afe3acf887ae7e16800_NeikiAnalytics.exe
-
Size
65KB
-
MD5
56c3dabbbd485afe3acf887ae7e16800
-
SHA1
d76794906b1d67a37b9eebd6930bfcbf96650307
-
SHA256
10ce4f31a43caf61cf34e781a0065709db62134b777713e7e0b5fb0bc2c996c0
-
SHA512
ae25ce7bf009625272bf4712678de75b886f73eeff28de7b3f22d2936d5939d7c68ca00c4e087079255f0dab50112f755ce70806ad9f95b5fd8d4066ebfe0c3c
-
SSDEEP
1536:ECq3yRuqrI01eArdW/O7JnI2e13XiLij40MkTUVqa/OuGFFFFFFFFFFFFFFFFFFB:7WNqkOJWmo1HpM0MkTUmu8
Score10/10-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1