General
-
Target
254600be943591843fac7a5f1066d3b0_NeikiAnalytics.exe
-
Size
120KB
-
Sample
240522-kt5kmshh75
-
MD5
254600be943591843fac7a5f1066d3b0
-
SHA1
867ec6de337d897bf9b110ca324b949897c1f8e4
-
SHA256
dafb705ca68bfc5fd7a93816a3884f00b61bf87e0136d4d35ad3530457edd278
-
SHA512
66e938146135f32f1e8e7368faa8baabc1762b036b1f80179a70bddfd9247742d88ea5ef0dc022746ef1d7f998223bc4a764a38984941e15e34fd0ed0f6cf92f
-
SSDEEP
3072:jwhcRIYe4oFLIDAhMmFdiAD3zog6SrSp8jtVNDk3:0uRIlLd7FzosrTtq
Static task
static1
Behavioral task
behavioral1
Sample
254600be943591843fac7a5f1066d3b0_NeikiAnalytics.dll
Resource
win7-20231129-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
254600be943591843fac7a5f1066d3b0_NeikiAnalytics.exe
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix (ATT&CK v13)
-
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
-
Defense Evasion
Modify Registry: 5
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 3
Disable or Modify Tools: 3