Extracted

• • Target

    4a11f152922f2e209f5ca06ef741ef60_NeikiAnalytics.exe

  • Size

    1.4MB

  • MD5

    4a11f152922f2e209f5ca06ef741ef60

  • SHA1

    216a2ffbd516a5604718497a185343981f3c4a01

  • SHA256

    d64afa2c4338bfd2c4215193bde86d13e8736d1a77f2193e565e8f1876dfa9fe

  • SHA512

    7dc13d3e601ac75ef9d58e01c910c1a5c0e30892e3fbb4049a9d6b34ce62e19afbfa45d0ac628a277d56c8c8690a3198630703ad1037c4b5568f75aa1affe175

  • SSDEEP

    24576:k5xolYQY6EOb7YU0uestsWNthL8qUym53WJN5y3Mk1XXRw6+sBkZGsiH6W:nYW0ueBWjBy53WJN5y3Mi+6l9F

  Score

  10^/10

  salitybackdoorevasionpersistencetrojanupx

  • Detects BazaLoader malware

    BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.

    trojan

  • Modifies WinLogon for persistence

    persistence

  • Modifies firewall policy service

    evasion

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Modifies Installed Components in the registry

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2