899414c22f27c18865de7ed21d7d854252246fbb9894dad184426462ca956a6e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e2c38a808ac49ebe2d9bf28bf79c110_NeikiAnalytics.exe
Size

66KB
Sample

240530-bl1r2saa33
MD5

5e2c38a808ac49ebe2d9bf28bf79c110
SHA1

5973ef80e2d675dcf8ef1d0795a2c14f6dd4dadc
SHA256

899414c22f27c18865de7ed21d7d854252246fbb9894dad184426462ca956a6e
SHA512

32409743e09cd42d1dd30b4566999b93fd4e090026256325daaf3eebc65895419f1865fbf1dd105848e0fa36a4a761bf97f4c140cd205783764501da090538a5
SSDEEP

1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXiVttttttttttttttttttttX:IeklMMYJhqezw/pXzH9i1

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  5e2c38a808ac49ebe2d9bf28bf79c110_NeikiAnalytics.exe
- Size
  
  66KB
- MD5
  
  5e2c38a808ac49ebe2d9bf28bf79c110
- SHA1
  
  5973ef80e2d675dcf8ef1d0795a2c14f6dd4dadc
- SHA256
  
  899414c22f27c18865de7ed21d7d854252246fbb9894dad184426462ca956a6e
- SHA512
  
  32409743e09cd42d1dd30b4566999b93fd4e090026256325daaf3eebc65895419f1865fbf1dd105848e0fa36a4a761bf97f4c140cd205783764501da090538a5
- SSDEEP
  
  1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXiVttttttttttttttttttttX:IeklMMYJhqezw/pXzH9i1
Score

10^/10

evasion persistence trojan
- Detects BazaLoader malware
  BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
  trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan