a39f7640d8cee0617fab6413b859f9fbbb8f576c4da8700e54d74589afaa9c6b | Triage

Sharing

General

Target

a0944d5fa326bebd975941e6ae5bb730_NeikiAnalytics.exe
Size

70KB
Sample

240523-jba3mshe7y
MD5

a0944d5fa326bebd975941e6ae5bb730
SHA1

0a2f4d5b71f2682a0bf1faeb7203eac2415ff61d
SHA256

a39f7640d8cee0617fab6413b859f9fbbb8f576c4da8700e54d74589afaa9c6b
SHA512

478e8df125839b16e45434237906d286024390b53821bcc6c4e670661a2090c2379a83df8123dd0962dcc77dea80bff6be88b3f5aa14fd1a795f7a4f9bd4a908
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8slpb:Olg35GTslA5t3/w8wb

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  a0944d5fa326bebd975941e6ae5bb730_NeikiAnalytics.exe
- Size
  
  70KB
- MD5
  
  a0944d5fa326bebd975941e6ae5bb730
- SHA1
  
  0a2f4d5b71f2682a0bf1faeb7203eac2415ff61d
- SHA256
  
  a39f7640d8cee0617fab6413b859f9fbbb8f576c4da8700e54d74589afaa9c6b
- SHA512
  
  478e8df125839b16e45434237906d286024390b53821bcc6c4e670661a2090c2379a83df8123dd0962dcc77dea80bff6be88b3f5aa14fd1a795f7a4f9bd4a908
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8slpb:Olg35GTslA5t3/w8wb
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan