General
Target: 8efd0cfdd1d91dfa1adef0d1ab4d71a0_NeikiAnalytics.exe
Size: 66KB
Sample: 240601-f1sgfabh32
MD5: 8efd0cfdd1d91dfa1adef0d1ab4d71a0
SHA1: beae3eae67859bfa87126033e5864de83915b2e1
SHA256: 719aa7b9741f619589e650f9fa62d73fc586b6444aa0fb912efabe4b789564d2
SHA512: 864aa9733f738ab57bc31a16e9d392f518ebfe4cefc34219fe42a83f41e33bf77307de29f32ac34f59d359892ab8bea8288629c18d062e40d26bd87c6e57e912
SSDEEP: 1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXiO:IeklMMYJhqezw/pXzH9iO
Static task: static1
Behavioral task: behavioral1
Sample: 8efd0cfdd1d91dfa1adef0d1ab4d71a0_NeikiAnalytics.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 8efd0cfdd1d91dfa1adef0d1ab4d71a0_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target
8efd0cfdd1d91dfa1adef0d1ab4d71a0_NeikiAnalytics.exe
Score: 10/10
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
Modifies Installed Components in the registry
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 3
Registry Run Keys / Startup Folder: 2
Winlogon Helper DLL: 1
Privilege Escalation
Boot or Logon Autostart Execution: 3
Registry Run Keys / Startup Folder: 2
Winlogon Helper DLL: 1