6d8360704d68dca9ac1e4d7f7407a872140ebec9a8311cd949c83b354402ea79 | Triage

Sharing

General

Target

8f2643cef8eb703a1991c5e9845b4f20_NeikiAnalytics.exe
Size

71KB
Sample

240523-hhlbhsgf51
MD5

8f2643cef8eb703a1991c5e9845b4f20
SHA1

d3467398bda52547ff6c3cd92becb3c809e48120
SHA256

6d8360704d68dca9ac1e4d7f7407a872140ebec9a8311cd949c83b354402ea79
SHA512

d952965dd0042eafb29ffebe1d504da60bcc3b4b4e3155614048ca33f279395051c12429d97395e85c4168eee80cae42a3f67e0dd61cddfc2befae8dbfe23451
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8sl6u:Olg35GTslA5t3/w8Xu

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  8f2643cef8eb703a1991c5e9845b4f20_NeikiAnalytics.exe
- Size
  
  71KB
- MD5
  
  8f2643cef8eb703a1991c5e9845b4f20
- SHA1
  
  d3467398bda52547ff6c3cd92becb3c809e48120
- SHA256
  
  6d8360704d68dca9ac1e4d7f7407a872140ebec9a8311cd949c83b354402ea79
- SHA512
  
  d952965dd0042eafb29ffebe1d504da60bcc3b4b4e3155614048ca33f279395051c12429d97395e85c4168eee80cae42a3f67e0dd61cddfc2befae8dbfe23451
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8sl6u:Olg35GTslA5t3/w8Xu
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan