885295b4ae7dec735e28bf4347224844d5f57e08e758302e189ef80f2b203d8c | Triage

Sharing

General

Target

e7f3d42975ea5294d51d31f92f983c70_NeikiAnalytics.exe
Size

68KB
Sample

240523-j5t3lsae4t
MD5

e7f3d42975ea5294d51d31f92f983c70
SHA1

80f215e749df38a358999a0a723237d185eb7fe3
SHA256

885295b4ae7dec735e28bf4347224844d5f57e08e758302e189ef80f2b203d8c
SHA512

cd53c4681355b520ea92c8bc600f84f6ac94540a8841e98c89aee267e1fb5a6efebb513742884234cc9b22724a453ad16c70848b202e118f257f81f9da29340d
SSDEEP

1536:1teqGDlXvCDB04f5Gn/L8ZlALNtnd1Fwg8:6lg35GTclABtnNwd

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  e7f3d42975ea5294d51d31f92f983c70_NeikiAnalytics.exe
- Size
  
  68KB
- MD5
  
  e7f3d42975ea5294d51d31f92f983c70
- SHA1
  
  80f215e749df38a358999a0a723237d185eb7fe3
- SHA256
  
  885295b4ae7dec735e28bf4347224844d5f57e08e758302e189ef80f2b203d8c
- SHA512
  
  cd53c4681355b520ea92c8bc600f84f6ac94540a8841e98c89aee267e1fb5a6efebb513742884234cc9b22724a453ad16c70848b202e118f257f81f9da29340d
- SSDEEP
  
  1536:1teqGDlXvCDB04f5Gn/L8ZlALNtnd1Fwg8:6lg35GTclABtnNwd
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan