General
- Target: 658f84f1b964852cb4f6a97d008a005b62cc4bc164d040b97db1362f87bba799_NeikiAnalytics.exe
- Size: 120KB
- Sample: 240629-fd7b3s1dqa
- MD5: b55cbeba6b169273080a0ce70477f960
- SHA1: afaaf28e22055e0d74390908e59bba9081fe7ef0
- SHA256: 658f84f1b964852cb4f6a97d008a005b62cc4bc164d040b97db1362f87bba799
- SHA512: e9051d45f87d6b2e816a01e856e5ebeca06da99cc43a6505f3f34671c3a3659913f1b1356b2112d931794eaaf1c48569001e64cfcd1fc52d83023f137eb150b5
- SSDEEP: 3072:LSysEb9tffDVDF3FUeUfSFKtmhyf8svJe0:LflnnDVDFVUeUf4hE8svn
Static task
static1
Behavioral task
behavioral1
Sample
658f84f1b964852cb4f6a97d008a005b62cc4bc164d040b97db1362f87bba799_NeikiAnalytics.dll
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target
658f84f1b964852cb4f6a97d008a005b62cc4bc164d040b97db1362f87bba799_NeikiAnalytics.exe
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
- Create or Modify System Process: 1
  - Windows Service: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
Defense Evasion
- Modify Registry: 5
- Impair Defenses: 4
  - Disable or Modify Tools: 3
  - Disable or Modify System Firewall: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1