General
-
Target
1dfe037bfb2e4ddde09deaa2c144f36e7c3126d073056f8cdb32f53e8822ded7_NeikiAnalytics.exe
-
Size
120KB
-
Sample
240628-1fh3gssfqc
-
MD5
fb3faf9cd45c08e2061099bd3492c9f0
-
SHA1
e09f13b82cff2d6855f3166fff0bb0d5a48bc60e
-
SHA256
1dfe037bfb2e4ddde09deaa2c144f36e7c3126d073056f8cdb32f53e8822ded7
-
SHA512
cd21b7b6329790fe19f7d96a616fbbc46d331c7a2ca5e60209b7ee81e2d0ce2524123bdd9ebfc185718c2c530aaee2b6677c5a24bb2a5874d2eadea40efe70d6
-
SSDEEP
3072:Ns+f+jogMHc5MXxhffRN+i+U6Wq7CqkL:HxJfffH0vW
Static task
static1
Behavioral task
behavioral1
Sample
1dfe037bfb2e4ddde09deaa2c144f36e7c3126d073056f8cdb32f53e8822ded7_NeikiAnalytics.dll
Resource
win7-20240220-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
1dfe037bfb2e4ddde09deaa2c144f36e7c3126d073056f8cdb32f53e8822ded7_NeikiAnalytics.exe
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Impair Defenses: 4
Disable or Modify Tools: 3
Disable or Modify System Firewall: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1