General
Target: df2e1c07f63950830fae5d554574b650_NeikiAnalytics.exe
Size: 592KB
Sample: 240616-hxatbsyajl
MD5: df2e1c07f63950830fae5d554574b650
SHA1: d6173aba30898a17b4827798b811230f9312b4c2
SHA256: bb1a2c1ecf168a2d6bd3475d3f285f317d7d79376774141f13962a374b5bf05a
SHA512: d67e353d60dbe348fa5ed026e81fdb29bb0140ea855158b7a32b35598f8e88d8e08ef5723ee8f9553499f1c100a007188a873b6469449e63b09cd7b70f9f937d
SSDEEP: 12288:swyjwnjUIhRciGcyackqEIcYkC4VaDiGhYCKaqTDi+awjXN2:sELRciGblkqo29AJ2
Static task: static1
Behavioral task: behavioral1
Sample: df2e1c07f63950830fae5d554574b650_NeikiAnalytics.exe
Resource: win7-20240611-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: df2e1c07f63950830fae5d554574b650_NeikiAnalytics.exe
- Modifies firewall policy service
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Pre-OS Boot: 1
    Bootkit: 1
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
Defense Evasion
  Modify Registry: 5
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Impair Defenses: 3
    Disable or Modify Tools: 3
  Pre-OS Boot: 1
    Bootkit: 1