General

  • Target

    911f5ad32b4413f552e617ac84bb07e0_NeikiAnalytics.exe

  • Size

    66KB

  • Sample

    240601-he25vsch7s

  • MD5

    911f5ad32b4413f552e617ac84bb07e0

  • SHA1

    6ba1907aac5a47c54ef0f5dea48ef5f8cb01ece9

  • SHA256

    22c9bde5692a6e43086793179828c1135084739982e8347ef5ded42d4af07cd3

  • SHA512

    63753e60db89fa18bce0ebcce4bc093a27fb3ab7871a1d12df696c9cb075b2c83c49a362506753f28e503ab302690e1d7f8411b6d7fab9207f566b9ce6133987

  • SSDEEP

    1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXix:IeklMMYJhqezw/pXzH9ix

Targets

    • Target

      911f5ad32b4413f552e617ac84bb07e0_NeikiAnalytics.exe

    • Detects BazaLoader malware

      BazaLoader is a trojan that transmits logs to its command-and-control (C2) server, Base64-encoding them and sending them in GET requests.

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
