General

  • Target

    fe1a7571c9807b27e8776e1349733430_NeikiAnalytics.exe

  • Size

    65KB

  • Sample

    240523-k8vzrabg2v

  • MD5

    fe1a7571c9807b27e8776e1349733430

  • SHA1

    d3aa49a8533a2cfdf31ae694ab56139ee06c544a

  • SHA256

    331a08fff9e8d20fc5db7ce52ac5a0f1051bde9b84ab91e2d41d3042670c1337

  • SHA512

    e6641b0ce17bfd8c3d115b830f95611d76acd995f05a503e7e1cbff48201ee9980b8911632bda0121aef92ed98eb968c60ac4e9d8f815e8208a0ad2ee2f7d65b

  • SSDEEP

    1536:ECq3yRuqrI01eArdW/O7JnI2e13XiLij40MkTUVqa/OuP:7WNqkOJWmo1HpM0MkTUmuP

Targets

    • Detects BazaLoader malware

      BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
