General
-
Target
6ece57c5a2f72895045539c6d9d5eb10_NeikiAnalytics.exe
-
Size
66KB
-
Sample
240523-b1cnrsgh2v
-
MD5
6ece57c5a2f72895045539c6d9d5eb10
-
SHA1
d3eda15b420f1830a77470c75c8e814668f344cb
-
SHA256
6eaed31dd8cf487f727cc85273120246e6b059e7b018c731d9d7f0c108930bdd
-
SHA512
7bb7c96b7005bbb655a26daa88c85ea95ac2681ab5d32642ccc629a83d58c298a88d5345cabc714d27cb37f62df2f2e1c77476d06b9a530e42f9f760ef72ac7f
-
SSDEEP
1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXim:IeklMMYJhqezw/pXzH9im
Malware Config
Targets
-
-
Target
6ece57c5a2f72895045539c6d9d5eb10_NeikiAnalytics.exe
-
Size
66KB
-
MD5
6ece57c5a2f72895045539c6d9d5eb10
-
SHA1
d3eda15b420f1830a77470c75c8e814668f344cb
-
SHA256
6eaed31dd8cf487f727cc85273120246e6b059e7b018c731d9d7f0c108930bdd
-
SHA512
7bb7c96b7005bbb655a26daa88c85ea95ac2681ab5d32642ccc629a83d58c298a88d5345cabc714d27cb37f62df2f2e1c77476d06b9a530e42f9f760ef72ac7f
-
SSDEEP
1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXim:IeklMMYJhqezw/pXzH9im
Score10/10-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1