General

  • Target

    5331aff74c1782c5b45c6cf95bc002a0_NeikiAnalytics.exe

  • Size

    66KB

  • Sample

    240526-cz4arscd79

  • MD5

    5331aff74c1782c5b45c6cf95bc002a0

  • SHA1

    ea0ad192a6e0030cf78421dfffea7d3b08933a78

  • SHA256

    57f8129e5cc0e04a4dd88ee9247eed9fa9693d60c08e3f9d73490da96c874210

  • SHA512

    f4dd77670040ba4bd1a105fcee60d490a8ede6a3af5d2cf10975e30264dce41e9c4cd23858ff5e22aaa2da8f891ec766328f497a21a079d90f65fa3dbef0bf03

  • SSDEEP

    1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXiw:IeklMMYJhqezw/pXzH9iw

Malware Config

Targets

    • Target

      5331aff74c1782c5b45c6cf95bc002a0_NeikiAnalytics.exe

    • Detects BazaLoader malware

      BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks