General

  • Target

    8efd0cfdd1d91dfa1adef0d1ab4d71a0_NeikiAnalytics.exe

  • Size

    66KB

  • Sample

    240601-f1sgfabh32

  • MD5

    8efd0cfdd1d91dfa1adef0d1ab4d71a0

  • SHA1

    beae3eae67859bfa87126033e5864de83915b2e1

  • SHA256

    719aa7b9741f619589e650f9fa62d73fc586b6444aa0fb912efabe4b789564d2

  • SHA512

    864aa9733f738ab57bc31a16e9d392f518ebfe4cefc34219fe42a83f41e33bf77307de29f32ac34f59d359892ab8bea8288629c18d062e40d26bd87c6e57e912

  • SSDEEP

    1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXiO:IeklMMYJhqezw/pXzH9iO

Targets

    • Target

      8efd0cfdd1d91dfa1adef0d1ab4d71a0_NeikiAnalytics.exe

    • Detects BazaLoader malware

      BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

Tasks