General
-
Target
66b8d3e83563987ae9e6347d3dd19870_NeikiAnalytics.exe
-
Size
543KB
-
Sample
240602-zv2byaeh6s
-
MD5
66b8d3e83563987ae9e6347d3dd19870
-
SHA1
576c4b768a007ff35abc4cfc14e6e0587aa309e2
-
SHA256
2197938df2d2704f6a525c27f100b7054e97d8e36588a224244cf0b652b03b96
-
SHA512
e2b285ca72bd4aa7cfc38429815c580422991130a7ad3333650e11b136571936a949fa4871640cff295a7bf2cf1192004d55492b77545c148cf702f339c5b32a
-
SSDEEP
6144:OU+xtlyDU+xtly7U+xtlyiU+xtlyDU+xtly7U+xtlyiU+xtlyDU+xtly7U+xtly3:OBUBMBNBUBMBNBUBMBNBUBMBNB
Malware Config
Targets
-
-
Target
66b8d3e83563987ae9e6347d3dd19870_NeikiAnalytics.exe
-
Size
543KB
-
MD5
66b8d3e83563987ae9e6347d3dd19870
-
SHA1
576c4b768a007ff35abc4cfc14e6e0587aa309e2
-
SHA256
2197938df2d2704f6a525c27f100b7054e97d8e36588a224244cf0b652b03b96
-
SHA512
e2b285ca72bd4aa7cfc38429815c580422991130a7ad3333650e11b136571936a949fa4871640cff295a7bf2cf1192004d55492b77545c148cf702f339c5b32a
-
SSDEEP
6144:OU+xtlyDU+xtly7U+xtlyiU+xtlyDU+xtly7U+xtlyiU+xtlyDU+xtly7U+xtly3:OBUBMBNBUBMBNBUBMBNBUBMBNB
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables cmd.exe use via registry modification
-
Drops file in Drivers directory
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1