6719e6431cdfa6cbf65fbf3a926d97b87fffdd9d3a42a4bbbc4ef7f4b1285464 | Triage

Sharing

General

Target

d0bc190b0bfd629118c42c7d1078f7c0_NeikiAnalytics.exe
Size

70KB
Sample

240523-lme7vacb8s
MD5

d0bc190b0bfd629118c42c7d1078f7c0
SHA1

9a84dc00f9c81493005b9beb888f74ac32a12ea5
SHA256

6719e6431cdfa6cbf65fbf3a926d97b87fffdd9d3a42a4bbbc4ef7f4b1285464
SHA512

3442144f83e18873cea2967f04016cdabbfcec162fc98a91724deb44e8121b07c00cc1b3cfd80fc531bc6267b5afbf5db24d3ab4f6455004e695211c79f13b68
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8slbsz:Olg35GTslA5t3/w8Zz

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  d0bc190b0bfd629118c42c7d1078f7c0_NeikiAnalytics.exe
- Size
  
  70KB
- MD5
  
  d0bc190b0bfd629118c42c7d1078f7c0
- SHA1
  
  9a84dc00f9c81493005b9beb888f74ac32a12ea5
- SHA256
  
  6719e6431cdfa6cbf65fbf3a926d97b87fffdd9d3a42a4bbbc4ef7f4b1285464
- SHA512
  
  3442144f83e18873cea2967f04016cdabbfcec162fc98a91724deb44e8121b07c00cc1b3cfd80fc531bc6267b5afbf5db24d3ab4f6455004e695211c79f13b68
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8slbsz:Olg35GTslA5t3/w8Zz
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan