General

  • Target

    390c626c324950f75af3e77e77d31ff0_NeikiAnalytics.exe

  • Size

    66KB

  • Sample

    240602-fdwwcabe3t

  • MD5

    390c626c324950f75af3e77e77d31ff0

  • SHA1

    386263495f4d8e1502e1a49ca5745186b8476424

  • SHA256

    5f686fd71545c8bf85a1fa5c61bd843513ad961cc3e4b6da877a6730ad134178

  • SHA512

    92dd525d38b143c8bfe38aa77ab7f277edc7554b19d157ec1915789a89793ae16f3cfb20dc057699bb1e9748794e906a55c987884fdf94a0205531d4fa878aae

  • SSDEEP

    1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXie:IeklMMYJhqezw/pXzH9ie

Malware Config

Targets

    • Detects BazaLoader malware

      BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks