General

  • Target

    ad25d968da27b0c296dff2faf4592970_NeikiAnalytics.exe

  • Size

    231KB

  • Sample

    240530-qy43kaae4w

  • MD5

    ad25d968da27b0c296dff2faf4592970

  • SHA1

    b393ad202a997b9e2a10f79cbec096279d1d3b99

  • SHA256

    6b1722fbf811775f896847152b04b51a141c66fda682aead1d1919b54130d2fa

  • SHA512

    e795f72deebba827c23098cc76e2ddc4b27c2952c7e8567541680fc88725bb6ac3f72fbb25b1218dd50f00a20d0a49b5d8c093382e55f3b1678cc2c71fe7e106

  • SSDEEP

    3072:k/5F/E7tEf0n+p+tYlpJH7iXQNgggHlxDZiYLK5Wpk0out9zOJKqsout9:khF4ca+wWJH7igNgjdFKsvoS9MKqsoS

Score
10/10

Malware Config

Targets

    • Target

      ad25d968da27b0c296dff2faf4592970_NeikiAnalytics.exe

    Score
    10/10

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks