General
-
Target
fe1a7571c9807b27e8776e1349733430_NeikiAnalytics.exe
-
Size
65KB
-
Sample
240523-k8vzrabg2v
-
MD5
fe1a7571c9807b27e8776e1349733430
-
SHA1
d3aa49a8533a2cfdf31ae694ab56139ee06c544a
-
SHA256
331a08fff9e8d20fc5db7ce52ac5a0f1051bde9b84ab91e2d41d3042670c1337
-
SHA512
e6641b0ce17bfd8c3d115b830f95611d76acd995f05a503e7e1cbff48201ee9980b8911632bda0121aef92ed98eb968c60ac4e9d8f815e8208a0ad2ee2f7d65b
-
SSDEEP
1536:ECq3yRuqrI01eArdW/O7JnI2e13XiLij40MkTUVqa/OuP:7WNqkOJWmo1HpM0MkTUmuP
Static task
static1
Behavioral task
behavioral1
Sample
fe1a7571c9807b27e8776e1349733430_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
fe1a7571c9807b27e8776e1349733430_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
fe1a7571c9807b27e8776e1349733430_NeikiAnalytics.exe
-
Size
65KB
-
MD5
fe1a7571c9807b27e8776e1349733430
-
SHA1
d3aa49a8533a2cfdf31ae694ab56139ee06c544a
-
SHA256
331a08fff9e8d20fc5db7ce52ac5a0f1051bde9b84ab91e2d41d3042670c1337
-
SHA512
e6641b0ce17bfd8c3d115b830f95611d76acd995f05a503e7e1cbff48201ee9980b8911632bda0121aef92ed98eb968c60ac4e9d8f815e8208a0ad2ee2f7d65b
-
SSDEEP
1536:ECq3yRuqrI01eArdW/O7JnI2e13XiLij40MkTUVqa/OuP:7WNqkOJWmo1HpM0MkTUmuP
Score10/10-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1