a1a8fd4e02e99b90ecba45fb655b97e41f18da54272a9dca8c9252c2862336db | Triage

Sharing

General

Target

6f2553f210ed8f1197dce823c8fa2610_NeikiAnalytics.exe
Size

72KB
Sample

240523-b2nsesgh61
MD5

6f2553f210ed8f1197dce823c8fa2610
SHA1

dd493659d3c6bd2c3c72425bafe500720459fc14
SHA256

a1a8fd4e02e99b90ecba45fb655b97e41f18da54272a9dca8c9252c2862336db
SHA512

0d6b2ece364a5685e55b1c9e656cc0bfa7a6550ae4f456016a27e78655a5ebe41f772a9380ccd287cc2589566acda5456cf13c765efde094f453d6248b61d40b
SSDEEP

1536:xAyToPledgGkAlSt9yzkwUk6Nr5kEHIwA69:3hgRAlStYzkrJNFkEH99

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  6f2553f210ed8f1197dce823c8fa2610_NeikiAnalytics.exe
- Size
  
  72KB
- MD5
  
  6f2553f210ed8f1197dce823c8fa2610
- SHA1
  
  dd493659d3c6bd2c3c72425bafe500720459fc14
- SHA256
  
  a1a8fd4e02e99b90ecba45fb655b97e41f18da54272a9dca8c9252c2862336db
- SHA512
  
  0d6b2ece364a5685e55b1c9e656cc0bfa7a6550ae4f456016a27e78655a5ebe41f772a9380ccd287cc2589566acda5456cf13c765efde094f453d6248b61d40b
- SSDEEP
  
  1536:xAyToPledgGkAlSt9yzkwUk6Nr5kEHIwA69:3hgRAlStYzkrJNFkEH99
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan