General
Target: 7f505ddd3c5265692b72a1744392f9700cc09162233943912bf09bdd4e4ed658_NeikiAnalytics.exe
Size: 120KB
Sample: 240629-h6yazsweql
MD5: 55c3ecd2e70ddf0891e6c71d8b57d590
SHA1: 16a4c0a5f8c88076acd53f8f6d8706a43838227a
SHA256: 7f505ddd3c5265692b72a1744392f9700cc09162233943912bf09bdd4e4ed658
SHA512: ed0acc40f73e9fbc8f8b828bf0e6269686c5f554aebf61273f7400db605d11ef7e08cc0675b2754db5f3e52bf5a20e5130fd0af342a6a16729b9f8644456d519
SSDEEP: 3072:84EWK3jjN0rQhFGm4r2kU5eN4ShLoFuPYdqaHIPYyPV:FK3jh0raGmU2kYemSh3ypy9
Static task: static1
Behavioral task: behavioral1
Sample: 7f505ddd3c5265692b72a1744392f9700cc09162233943912bf09bdd4e4ed658_NeikiAnalytics.dll
Resource: win7-20240220-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 7f505ddd3c5265692b72a1744392f9700cc09162233943912bf09bdd4e4ed658_NeikiAnalytics.exe
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process: 1
- Windows Service: 1
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
Defense Evasion
- Modify Registry: 5
- Impair Defenses: 4
- Disable or Modify Tools: 3
- Disable or Modify System Firewall: 1
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1