General
-
Target: 179ed846f38f3493ef69e47aef1b34a0_NeikiAnalytics.exe
Size: 200KB
Sample: 240527-cf4r7adc69
MD5: 179ed846f38f3493ef69e47aef1b34a0
SHA1: a82cefb7ef2f0fcc08213098ed3ed23f1e7a7b0e
SHA256: 48636f6b874c7c83be64737951bed1d3e642423a6faf34286fc2204f0c86590f
SHA512: 4b5073d74d165878c9589f6cd0db896d2d398d52e23192acce7b416a9c9d754f558d704b175aed527f43dba74c95b85df4b76fa316921175de75a0b3bad0d584
SSDEEP: 6144:wMqWfdNAN6/AjNggWEv9XCrrupJywxS9KLF0:vqWfdNAc/uNKmSmfx6KW
-
Static task: static1
Behavioral task: behavioral1
Sample: 179ed846f38f3493ef69e47aef1b34a0_NeikiAnalytics.dll
Resource: win7-20240221-en
-
Malware Config
Extracted
sality
Targets
-
-
Target
179ed846f38f3493ef69e47aef1b34a0_NeikiAnalytics.exe
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
-
Persistence
Boot or Logon Autostart Execution: 1
Winlogon Helper DLL: 1
Create or Modify System Process: 1
Windows Service: 1
-
Privilege Escalation
Boot or Logon Autostart Execution: 1
Winlogon Helper DLL: 1
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
-
Defense Evasion
Modify Registry: 7
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 3
Disable or Modify Tools: 3