General
Target: b266b43791026c6718e36de3d1c3e670_NeikiAnalytics.exe
Size: 1.8MB
Sample: 240523-fwgjdaeh46
MD5: b266b43791026c6718e36de3d1c3e670
SHA1: 53e298fb5aac31f0430c78a9a16465313d23c68a
SHA256: 93bd41bde4b05517d74e9203e2b4eabd19b0b00311103171d10ee74257660103
SHA512: 2648728c9f4e98886990474c9f1c2a3d6ac1b51f8b01d841714c6051cdf66a95fce387f02b902b6e39f231acb29ed93d2754c4c1c8b0ec113c024340ca07f5a7
SSDEEP: 24576:MddVtTj2i6OedT+jdxQCfgOFD3WSwd2QtBBw6xxhVxQtmibjOhZaiRu/4oMaop0A:6bTCrgxKCnFnQXBbrtgb/iQvu0UHOaT
Static task: static1
Behavioral task: behavioral1
Sample: b266b43791026c6718e36de3d1c3e670_NeikiAnalytics.exe
Resource: win7-20240221-en
Malware Config
Extracted family: sality
Targets
Target: b266b43791026c6718e36de3d1c3e670_NeikiAnalytics.exe
- Modifies firewall policy service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Modify Registry (6)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (3)
    Disable or Modify Tools (3)