General

  • Target

    814e0f704615229206c32d32fb6bcc30_NeikiAnalytics.exe

  • Size

    22KB

  • Sample

    240613-q3ecps1eqe

  • MD5

    814e0f704615229206c32d32fb6bcc30

  • SHA1

    bc85e75864f44c4d1c18c36d161794e2fae99e8f

  • SHA256

    29e07432f1cbd3ceec43ff2e924c5c25241b748c2a29346dfa2bbb6d283b35c0

  • SHA512

    2a75b394642a4d82327f4b176c2409efce41c43a0262f4ab7704192024b3078bc1356a41d31b7a607ba28dfdfb089bbc95ab5db8c43d8f14d5d9e6cc73f02fd4

  • SSDEEP

    384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvX8Mb7a6Za4k:rRkiLw3HsDSARGG/MMb7rE

Malware Config

Targets

    • Target

      814e0f704615229206c32d32fb6bcc30_NeikiAnalytics.exe

    • Windows security bypass

    • Drops file in Drivers directory

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Modifies WinLogon

    • Drops file in System32 directory
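Two checks a practitioner runs before trusting a report like the one above: confirm that the file in hand is the file the report hashed, and reproduce the "UPX packed file" signature independently of the sandbox. The block below is an added example, not code from the report or from the sandbox vendor. It reads the hashes straight from the report; the sample itself is not on this page, so the PE images it tests against are constructed by `build_fake_pe` (a hypothetical helper) and will not match the reported hashes. The second UPX tell it implements, a section that is empty on disk but large in memory next to a near-8-bit-entropy section, is the layout a renamed ("modified UPX") build keeps after the stock `UPX0`/`UPX1` names are stripped, which is why the signature text mentions both variants.

```python
import hashlib
import math
import struct

# Hashes exactly as listed in the report above. The sample is not on this page,
# so nothing here is recomputed from it; the constructed images below will not match.
REPORTED_HASHES = {
    "md5": "814e0f704615229206c32d32fb6bcc30",
    "sha1": "bc85e75864f44c4d1c18c36d161794e2fae99e8f",
    "sha256": "29e07432f1cbd3ceec43ff2e924c5c25241b748c2a29346dfa2bbb6d283b35c0",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 of a byte string, keyed by hashlib name."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict = REPORTED_HASHES) -> bool:
    """True only if every hash in the report matches the file you actually have."""
    computed = file_hashes(data)
    return all(computed[name] == value.lower() for name, value in reported.items())


def pe_sections(data: bytes) -> list:
    """Minimal PE section-table walk: MZ -> e_lfanew -> 'PE\\0\\0' -> COFF -> sections.
    Returns (name, virtual_size, raw_size, raw_bytes) per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, _vaddr, rsize, rptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((name, vsize, rsize, data[rptr:rptr + rsize]))
    return sections


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes) -> dict:
    """Two independent UPX tells: the stock section names (UPX0/UPX1/UPX2), and the layout
    a renamed build still has: a section with no bytes on disk but a large virtual size
    (the unpacking target) next to a near-8-bit-entropy section (the packed body)."""
    sections = pe_sections(data)
    names = [s[0] for s in sections]
    stock_names = any(n.upper().startswith("UPX") for n in names)
    virtual_only = any(rsize == 0 and vsize > 0 for _, vsize, rsize, _ in sections)
    max_entropy = max((entropy(raw) for _, _, _, raw in sections if raw), default=0.0)
    return {
        "sections": names,
        "stock_upx_names": stock_names,
        "virtual_only_section": virtual_only,
        "max_section_entropy": round(max_entropy, 2),
        "packed": stock_names or (virtual_only and max_entropy > 7.0),
    }


def build_fake_pe(sections: list) -> bytes:
    """Constructed test image (hypothetical helper, not a real sample): MZ stub, PE signature,
    COFF header, zeroed 224-byte optional header, section table, then the raw bodies.
    `sections` is [(name, virtual_size, raw_bytes)]."""
    opt_size = 224
    headers_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    table, bodies, raw_ptr, vaddr = b"", b"", headers_len, 0x1000
    for name, vsize, raw in sections:
        table += name.encode("latin-1").ljust(8, b"\0")
        table += struct.pack("<IIII", vsize, vaddr, len(raw), raw_ptr if raw else 0)
        table += b"\0" * 16
        bodies += raw
        raw_ptr += len(raw)
        vaddr += max(vsize, 0x1000)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table + bodies


if __name__ == "__main__":
    high = bytes(range(256)) * 16  # constructed uniform data, entropy exactly 8.0
    for label, img in (
        ("stock UPX", build_fake_pe([("UPX0", 0x10000, b""), ("UPX1", 0x3000, high)])),
        ("renamed", build_fake_pe([("CODE", 0x10000, b""), ("DATA", 0x3000, high)])),
        ("clean", build_fake_pe([(".text", 0x400, b"\x90" * 1024), (".data", 0x100, b"A" * 256)])),
    ):
        print(label, upx_indicators(img), "hash match:", matches_report(img))
```

On a real file, feed `open(path, "rb").read()` to `matches_report` first; a hash mismatch means the behavior list above describes a different file, and the packer check is then about your file, not the report's.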

MITRE ATT&CK Matrix ATT&CK v13

Technique counts are the number of matched behavior signatures mapped to each technique.

Persistence

  • Boot or Logon Autostart Execution (T1547): 3
    • Registry Run Keys / Startup Folder (T1547.001): 2
    • Winlogon Helper DLL (T1547.004): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 3
    • Registry Run Keys / Startup Folder (T1547.001): 2
    • Winlogon Helper DLL (T1547.004): 1

Defense Evasion

  • Impair Defenses (T1562): 2
    • Disable or Modify Tools (T1562.001): 2
  • Modify Registry (T1112): 5
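The matrix above maps the "Modifies WinLogon", "Sets file execution options in registry" and Run-key behaviors to registry locations that can be checked on a host after the fact. The block below is an added example, not code from the report or the sandbox vendor: it parses a `.reg` export (the format `reg export` and Regedit produce) and flags the three registry persistence patterns the report's signatures describe. The export text is constructed for this example; the paths, value names and `sample.exe` in it are hypothetical and are not claims about what this sample writes. The page's matrix does not list the IFEO technique, but a `Debugger` value under Image File Execution Options is ATT&CK T1546.012, so the example reports it under that ID.

```python
import re

# Constructed .reg export (sample data, not taken from the report): a Winlogon Userinit
# extension, an IFEO Debugger hijack of taskmgr.exe, a Run-key entry and one benign key.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\drivers\\sample.exe"
"Shell"="explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Windows\\System32\\sample.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Users\\Public\\sample.exe\" /silent"

[HKEY_CURRENT_USER\Software\Example]
"Flags"=dword:00000001
'''

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
RUN_SUFFIXES = (r"\Microsoft\Windows\CurrentVersion\Run", r"\Microsoft\Windows\CurrentVersion\RunOnce")

# "name"=data lines; the name may contain escaped quotes and backslashes.
REG_VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\" -> " and \\\\ -> \\ ."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text: str) -> dict:
    """Parse a .reg export into {key_path: {value_name: data}}.
    REG_SZ ("...") is unescaped, dword: is converted to int, other types stay as raw text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lstrip("-")  # a leading '-' marks a key deletion
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        if line.startswith("@="):
            name, data = "", line[2:]
        else:
            m = REG_VALUE.match(line)
            if not m:
                continue
            name, data = _unescape(m.group("name")), m.group("data")
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            data = int(data[6:], 16)
        keys[current][name] = data
    return keys


def find_persistence(keys: dict) -> list:
    """Flag Winlogon Userinit/Shell changes (T1547.004), IFEO Debugger values (T1546.012)
    and every Run/RunOnce entry (T1547.001). Key paths are compared case-insensitively."""
    lower = {k.lower(): v for k, v in keys.items()}
    findings = []
    wl = lower.get(WINLOGON.lower(), {})
    # Default Userinit is "C:\Windows\system32\userinit.exe," ; anything else in the list is an add-on.
    userinit = str(wl.get("Userinit", ""))
    for part in (p.strip() for p in userinit.split(",")):
        if part and not part.lower().endswith(r"\userinit.exe"):
            findings.append({"technique": "T1547.004", "key": WINLOGON, "value": "Userinit", "data": part})
    shell = str(wl.get("Shell", "explorer.exe"))
    if shell.strip().lower() != "explorer.exe":
        findings.append({"technique": "T1547.004", "key": WINLOGON, "value": "Shell", "data": shell})
    for path, values in keys.items():
        lp = path.lower()
        if lp.startswith(IFEO.lower() + "\\"):
            for name, data in values.items():
                if name.lower() == "debugger":
                    findings.append({"technique": "T1546.012", "key": path, "value": name, "data": data})
        if lp.endswith(tuple(s.lower() for s in RUN_SUFFIXES)):
            for name, data in values.items():
                findings.append({"technique": "T1547.001", "key": path, "value": name, "data": data})
    return findings


if __name__ == "__main__":
    for f in find_persistence(parse_reg(SAMPLE_REG)):
        print(f["technique"], f["key"], f["value"], "=", f["data"])
```

On a live host, export the three hives with `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" out.reg` and the HKCU/HKLM `...\CurrentVersion\Run` keys, then pass the file contents to `parse_reg`. Run-key entries are reported unconditionally because every one of them is an autorun; deciding which are benign is a second pass against a known-good baseline.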

Tasks