28a51953c0093c1c6652e8ba88ee5924438e0f8306fc4e9ec3e822511e13b6ad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28a51953c0093c1c6652e8ba88ee5924438e0f8306fc4e9ec3e822511e13b6ad_NeikiAnalytics.exe
Size

355KB
Sample

240624-bl84eswcrk
MD5

59c31de796eb1578bf7684d800b4bb70
SHA1

cb03dadf43a76cd1b0b711d18a3dc4bd4cf1baf3
SHA256

28a51953c0093c1c6652e8ba88ee5924438e0f8306fc4e9ec3e822511e13b6ad
SHA512

c8b53d90f3740101a38874b01a06cb15650037fd1b531c38f3b5ce7ca191c51ec4662936a0bd427632b56f6f74d50bebaf812db00694c83da26f409638a7c7fb
SSDEEP

6144:b3EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9EiS:4mWhND9yJz+b1FcMLmp2ATTSsdS

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  28a51953c0093c1c6652e8ba88ee5924438e0f8306fc4e9ec3e822511e13b6ad_NeikiAnalytics.exe
- Size
  
  355KB
- MD5
  
  59c31de796eb1578bf7684d800b4bb70
- SHA1
  
  cb03dadf43a76cd1b0b711d18a3dc4bd4cf1baf3
- SHA256
  
  28a51953c0093c1c6652e8ba88ee5924438e0f8306fc4e9ec3e822511e13b6ad
- SHA512
  
  c8b53d90f3740101a38874b01a06cb15650037fd1b531c38f3b5ce7ca191c51ec4662936a0bd427632b56f6f74d50bebaf812db00694c83da26f409638a7c7fb
- SSDEEP
  
  6144:b3EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9EiS:4mWhND9yJz+b1FcMLmp2ATTSsdS
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2