ef19bb2bc9ef67642cbee7dfa36b0fc290b3ba6bb090f7e4a592849f6eea437e | Triage

Sharing

General

Target

a03648f93dc74e0d19217fe66e4c04d0_NeikiAnalytics.exe
Size

6.5MB
Sample

240603-mk1lfacf59
MD5

a03648f93dc74e0d19217fe66e4c04d0
SHA1

478b7c4ed4486f4f292534cecc6fe9a2e5e3b7b8
SHA256

ef19bb2bc9ef67642cbee7dfa36b0fc290b3ba6bb090f7e4a592849f6eea437e
SHA512

2fef21b4461723683d4b67941e13eaffef3f0d5bfe482248ac5ca48eb0bf3fc596d295eebaf4a7b61c8b920f1dc7307f3db56d1cc179455d9e9ae4ea126aad4c
SSDEEP

196608:sap6d1a9LO3NzvLHg17IJKfZUYJR6WrPUUpnn3:sap6faR6vLA17IJyTln

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  a03648f93dc74e0d19217fe66e4c04d0_NeikiAnalytics.exe
- Size
  
  6.5MB
- MD5
  
  a03648f93dc74e0d19217fe66e4c04d0
- SHA1
  
  478b7c4ed4486f4f292534cecc6fe9a2e5e3b7b8
- SHA256
  
  ef19bb2bc9ef67642cbee7dfa36b0fc290b3ba6bb090f7e4a592849f6eea437e
- SHA512
  
  2fef21b4461723683d4b67941e13eaffef3f0d5bfe482248ac5ca48eb0bf3fc596d295eebaf4a7b61c8b920f1dc7307f3db56d1cc179455d9e9ae4ea126aad4c
- SSDEEP
  
  196608:sap6d1a9LO3NzvLHg17IJKfZUYJR6WrPUUpnn3:sap6faR6vLA17IJyTln
Score

7^/10

bootkit persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence