Overview

overview

10

Static

static

1

72f290fb1f...cs.exe

windows7-x64

10

72f290fb1f...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    72f290fb1f004146888a15a702a921d0_NeikiAnalytics.exe

  • Size

    151KB

  • Sample

    240523-cendtahh23

  • MD5

    72f290fb1f004146888a15a702a921d0

  • SHA1

    b0351634502939971cec75eec561e6668831296a

  • SHA256

    e7c5ba0f4ea06d1058fda0f866ab3e75f2959982c3a91129ceab4acc461c713c

  • SHA512

    ed9b1cf63701cb0f8e32125abf56d0332e2ba601a5ab73d4b2895b59e2e0238d88ab43583f03f7dfd95fafaa56cb2e01eb4cc624d03eb3ff4f26a69d21478cdd

  • SSDEEP

    3072:bo5sRbO6SBgTCPZ0W1f8zEXahv0bX+m6SLXULDWaPXpyq0p2:bo5sRbO6STPLRahvS+YXUXWa

Score
10/10
persistence

Malware Config

Targets

    • Target

      72f290fb1f004146888a15a702a921d0_NeikiAnalytics.exe

    • Size

      151KB

    • MD5

      72f290fb1f004146888a15a702a921d0

    • SHA1

      b0351634502939971cec75eec561e6668831296a

    • SHA256

      e7c5ba0f4ea06d1058fda0f866ab3e75f2959982c3a91129ceab4acc461c713c

    • SHA512

      ed9b1cf63701cb0f8e32125abf56d0332e2ba601a5ab73d4b2895b59e2e0238d88ab43583f03f7dfd95fafaa56cb2e01eb4cc624d03eb3ff4f26a69d21478cdd

    • SSDEEP

      3072:bo5sRbO6SBgTCPZ0W1f8zEXahv0bX+m6SLXULDWaPXpyq0p2:bo5sRbO6STPLRahvS+YXUXWa

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies WinLogon

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Winlogon Helper DLL

2
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Winlogon Helper DLL

2
T1547.004

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks