4dacd8b160b43ac9f49dc88e75b2edb6f60006001ddfcaf23e48190281ba3351 | Triage

Sharing

General

Target

e3097784e859204168742bae3aeaeef0_NeikiAnalytics.exe
Size

70KB
Sample

240523-kz2e6sbe56
MD5

e3097784e859204168742bae3aeaeef0
SHA1

43e909f5c34d288f4e40992e8c0599a61b2e0678
SHA256

4dacd8b160b43ac9f49dc88e75b2edb6f60006001ddfcaf23e48190281ba3351
SHA512

9610538cc5c11a5ac7140ef42a0ffee3903fafc7583aa395f44ae30cabce5c3a99f42a1c373b9c76cf15f14833966b7b5bee854eb5b266fe156fc4a456f61df5
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8slN:Olg35GTslA5t3/w8q

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  e3097784e859204168742bae3aeaeef0_NeikiAnalytics.exe
- Size
  
  70KB
- MD5
  
  e3097784e859204168742bae3aeaeef0
- SHA1
  
  43e909f5c34d288f4e40992e8c0599a61b2e0678
- SHA256
  
  4dacd8b160b43ac9f49dc88e75b2edb6f60006001ddfcaf23e48190281ba3351
- SHA512
  
  9610538cc5c11a5ac7140ef42a0ffee3903fafc7583aa395f44ae30cabce5c3a99f42a1c373b9c76cf15f14833966b7b5bee854eb5b266fe156fc4a456f61df5
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8slN:Olg35GTslA5t3/w8q
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan