General

  • Target

    6ece57c5a2f72895045539c6d9d5eb10_NeikiAnalytics.exe

  • Size

    66KB

  • Sample

    240523-b1cnrsgh2v

  • MD5

    6ece57c5a2f72895045539c6d9d5eb10

  • SHA1

    d3eda15b420f1830a77470c75c8e814668f344cb

  • SHA256

    6eaed31dd8cf487f727cc85273120246e6b059e7b018c731d9d7f0c108930bdd

  • SHA512

    7bb7c96b7005bbb655a26daa88c85ea95ac2681ab5d32642ccc629a83d58c298a88d5345cabc714d27cb37f62df2f2e1c77476d06b9a530e42f9f760ef72ac7f

  • SSDEEP

    1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXim:IeklMMYJhqezw/pXzH9im

Malware Config

Targets

    • Detects BazaLoader malware

      BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks