General
-
Target
5e31aabaaf50d171148290ae4e6d078b7f03ac5dc0fc575d8e88d4b3f62fe67f_NeikiAnalytics.exe
-
Size
2.1MB
-
Sample
240629-ejmzyszgne
-
MD5
50c4d84b11e5ba1fb4f31b1208fd63c0
-
SHA1
f35149819eaae9b753046c13ba780ef54f77436d
-
SHA256
5e31aabaaf50d171148290ae4e6d078b7f03ac5dc0fc575d8e88d4b3f62fe67f
-
SHA512
fe09a891feeb89d50480f86aad287876d8dbbdb022bd02dffcc230a49cc8310aeea8fc341522eebb6ae3156654985c64913a238b86a6cf7329bfe7af6d5bdc11
-
SSDEEP
6144:9bzJMBbbxaObYsth9va+Z4apldLBk/OLKRfK:b8bbxhkst2+VLDk/OLOf
Behavioral task
behavioral1
Sample
5e31aabaaf50d171148290ae4e6d078b7f03ac5dc0fc575d8e88d4b3f62fe67f_NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
5e31aabaaf50d171148290ae4e6d078b7f03ac5dc0fc575d8e88d4b3f62fe67f_NeikiAnalytics.exe
-
Size
2.1MB
-
MD5
50c4d84b11e5ba1fb4f31b1208fd63c0
-
SHA1
f35149819eaae9b753046c13ba780ef54f77436d
-
SHA256
5e31aabaaf50d171148290ae4e6d078b7f03ac5dc0fc575d8e88d4b3f62fe67f
-
SHA512
fe09a891feeb89d50480f86aad287876d8dbbdb022bd02dffcc230a49cc8310aeea8fc341522eebb6ae3156654985c64913a238b86a6cf7329bfe7af6d5bdc11
-
SSDEEP
6144:9bzJMBbbxaObYsth9va+Z4apldLBk/OLKRfK:b8bbxhkst2+VLDk/OLOf
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Impair Defenses
4Disable or Modify Tools
3Disable or Modify System Firewall
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1