General
Target: 15cc6d7b93241da8f546d5139403c930_NeikiAnalytics.exe
Size: 120KB
Sample: 240609-h5pbpagc27
MD5: 15cc6d7b93241da8f546d5139403c930
SHA1: 23e7754d24f4446cb56dd6b2b7b6f7b70a5fd1f3
SHA256: b580cfffca36cec9eda94d1bfdaf403bed80ef8083f392e7725e7312d3bdf19b
SHA512: 72d5ba1bbfeeb053f3a9586953090bbc33f9b7f24afa3fc5f9b0c9fd7cf8c492a562963961006ec039b70eaa00e4d8ba8a2bc60e93ca0b15f7e014e387addb9b
SSDEEP: 3072:M82Fdl17gLJ+/A5kRNEDopHtz/CdyWmkULjwQOnPQDS:3il17VMkRNEEpdCddLULeQ
Static task: static1
Behavioral task: behavioral1
Sample: 15cc6d7b93241da8f546d5139403c930_NeikiAnalytics.dll
Resource: win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target
15cc6d7b93241da8f546d5139403c930_NeikiAnalytics.exe
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 3
Disable or Modify Tools: 3