General

  • Target

    a2a6fdcb907d0e4a4f94f8750c3c7710_NeikiAnalytics.exe

  • Size

    65KB

  • Sample

    240530-n4wl9sgd4v

  • MD5

    a2a6fdcb907d0e4a4f94f8750c3c7710

  • SHA1

    ce105cffcb3c11492d86652d2521d1f6cb01a60a

  • SHA256

    7d807e7f3f456b9b8709f28315bf0adac7854d167cff6bca008e91c57a858b04

  • SHA512

    e49aed57a701ec89018f1e3b77db57457607fb4b88117dca71a99a8deb1f16cfff957c241d7a0b92cf64a507cf53d5e6c9b0c629a346cd8797a85e4b4b80c827

  • SSDEEP

    1536:ECq3yRuqrI01eArdW/O7JnI2e13XiLij40MkTUVqa/OuC666666666666666666d:7WNqkOJWmo1HpM0MkTUmuI

Targets

    • Detects BazaLoader malware

      BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
