General
Target: 8c28df00bc5be2e468008b9bb3cb3b10_NeikiAnalytics.exe
Size: 10.0MB
Sample: 240525-f1vlssff56
MD5: 8c28df00bc5be2e468008b9bb3cb3b10
SHA1: 9e5623c1a12a43f3f4731415700760527b97449a
SHA256: 328924f8134897fee4c360b1fb1d05728cc0613261e32cc6577424716ab089a1
SHA512: c258aa56f7f3291e3ce9c016ec7deef75d82cf6dcc85bb9683505cc3dafa5ec1815630d7f5e8a3e457f8475c85e200f1bec149d63371f918b3ab71db43437f61
SSDEEP: 196608:YwyWzqX4fIvXxJyAzkC4BNcjl76MJhsHWlUdMFfmbt8JIMz:YwymfaX2AzJ4U1hJlUmK8JIY
Static task: static1
Behavioral task: behavioral1
Sample: 8c28df00bc5be2e468008b9bb3cb3b10_NeikiAnalytics.exe
Resource: win7-20240508-en
Malware Config
Extracted: sality
Targets
- Detects BazaLoader malware
  BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Impair Defenses (3)
    Disable or Modify Tools (3)
  Modify Registry (9)