General

  • Target

    4f454432154ea5072e4a1784014e4060_NeikiAnalytics.exe

  • Size

    66KB

  • Sample

    240605-lxqfkadc58

  • MD5

    4f454432154ea5072e4a1784014e4060

  • SHA1

    6bb00aef69080afdaa8a95d2a9b170b8358cd104

  • SHA256

    0eb493b03d26104d9bfe22893cd64d879b469fe35e23c064e44fdc03fe0ddc44

  • SHA512

    fe8fff0fcfac27f7647303685ef3416e7801b344b95ce78218b05ced6c160e0daf4e92025e313edb53fe2b9fe2ec087af8d1d1948f5c026665da60c4103c213a

  • SSDEEP

    1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXiJ:IeklMMYJhqezw/pXzH9iJ

Targets

    • Detects BazaLoader malware

      BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
