cc393da4c27a7ac46fa2756f3b2a0eb55d925dd7b797048e188f5e1fb69cacd6 | Triage

Sharing

General

Target

93a9312ec2e2b40a4c0bb9d894b660b0_NeikiAnalytics.exe
Size

70KB
Sample

240523-g8qhgsgc88
MD5

93a9312ec2e2b40a4c0bb9d894b660b0
SHA1

aecb53fb0f9b725f9709016186c592b744f1d65b
SHA256

cc393da4c27a7ac46fa2756f3b2a0eb55d925dd7b797048e188f5e1fb69cacd6
SHA512

3539b2e72b6f62a04143c7d367a81cc99cc9ce54905eb9163f2ca5f3155d2071a1f8db3fef98fa7db71cacf736ebdba2c380afd209ed29764c81167632d605c7
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8b2:Olg35GTslA5t3/w8b2

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  93a9312ec2e2b40a4c0bb9d894b660b0_NeikiAnalytics.exe
- Size
  
  70KB
- MD5
  
  93a9312ec2e2b40a4c0bb9d894b660b0
- SHA1
  
  aecb53fb0f9b725f9709016186c592b744f1d65b
- SHA256
  
  cc393da4c27a7ac46fa2756f3b2a0eb55d925dd7b797048e188f5e1fb69cacd6
- SHA512
  
  3539b2e72b6f62a04143c7d367a81cc99cc9ce54905eb9163f2ca5f3155d2071a1f8db3fef98fa7db71cacf736ebdba2c380afd209ed29764c81167632d605c7
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8b2:Olg35GTslA5t3/w8b2
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan