General
-
Target
21b0627754ba1ee5cd613e3383ebb180_NeikiAnalytics.exe
-
Size
120KB
-
Sample
240522-gjmqaseb6w
-
MD5
21b0627754ba1ee5cd613e3383ebb180
-
SHA1
216dcd2c12712dea33ee1407ef7511dbf32663a0
-
SHA256
aafc7f38f9ba94bca8bbeaaf9cf3e6f79ac48a64892421902af40e5ec7f6c2c0
-
SHA512
7bdf87cd29c6cdc67f525b4602d18052e0460e1f3835078571c80b7db49127b5a643adb08c32e4be9db6c018a2d80d9ed6f6b9ee67b7c93c5c758a712bfe329a
-
SSDEEP
3072:QGH3LWESpPtznS7Amou1lEap5Mj1z9iOFoq:NH3LIxNSUm6apij1BX+
Static task
static1
Behavioral task
behavioral1
Sample
21b0627754ba1ee5cd613e3383ebb180_NeikiAnalytics.dll
Resource
win7-20231129-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
21b0627754ba1ee5cd613e3383ebb180_NeikiAnalytics.exe
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 3
Disable or Modify Tools: 3