General
-
Target
4f454432154ea5072e4a1784014e4060_NeikiAnalytics.exe
-
Size
66KB
-
Sample
240605-lxqfkadc58
-
MD5
4f454432154ea5072e4a1784014e4060
-
SHA1
6bb00aef69080afdaa8a95d2a9b170b8358cd104
-
SHA256
0eb493b03d26104d9bfe22893cd64d879b469fe35e23c064e44fdc03fe0ddc44
-
SHA512
fe8fff0fcfac27f7647303685ef3416e7801b344b95ce78218b05ced6c160e0daf4e92025e313edb53fe2b9fe2ec087af8d1d1948f5c026665da60c4103c213a
-
SSDEEP
1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXiJ:IeklMMYJhqezw/pXzH9iJ
Static task
static1
Behavioral task
behavioral1
Sample
4f454432154ea5072e4a1784014e4060_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4f454432154ea5072e4a1784014e4060_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
4f454432154ea5072e4a1784014e4060_NeikiAnalytics.exe
-
Size
66KB
-
MD5
4f454432154ea5072e4a1784014e4060
-
SHA1
6bb00aef69080afdaa8a95d2a9b170b8358cd104
-
SHA256
0eb493b03d26104d9bfe22893cd64d879b469fe35e23c064e44fdc03fe0ddc44
-
SHA512
fe8fff0fcfac27f7647303685ef3416e7801b344b95ce78218b05ced6c160e0daf4e92025e313edb53fe2b9fe2ec087af8d1d1948f5c026665da60c4103c213a
-
SSDEEP
1536:EHfetdklPp+07gDSrB8Xru2zGeJxgawTzpXzrDJrXiJ:IeklMMYJhqezw/pXzH9iJ
Score10/10-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1