Overview score: 10/10
Static score: 3/10

General
Target: 7ad39bfaf9ce17c54262523ec8c76e597f870b29226f40a10f8d4df03c308d4d_NeikiAnalytics.exe
Size: 733KB
Sample: 240629-hnhgtasgqe
MD5: 0a1ad78b7445d452a8b9e30cc96f3e20
SHA1: 0fb048733f46346a769a32a367e1d9341856899c
SHA256: 7ad39bfaf9ce17c54262523ec8c76e597f870b29226f40a10f8d4df03c308d4d
SHA512: 991be91a3a4eb44d31bc6f6cf638ee29aee42e8ea470b5ce546e63689f8cf874c377850239986b8f575ce947704028a6e2855c68c5726d8ccf9b7e5b974ffd08
SSDEEP: 12288:baxvpA0aa6nJ6Jl3+4tdqoeBcVgaOZi85uGgGn47nX6SoJb0CbPcgIsHwrdU68qO:baQBnJgl3+42BcVtOZiDPG6KSm4CrcX8
Behavioral tasks (task: sample, resource, score)

behavioral1: 7ad39bfaf9ce17c54262523ec8c76e597f870b29226f40a10f8d4df03c308d4d_NeikiAnalytics.exe, win7-20240508-en, score 10/10
behavioral2: 7ad39bfaf9ce17c54262523ec8c76e597f870b29226f40a10f8d4df03c308d4d_NeikiAnalytics.exe, win10v2004-20240226-en, score 10/10
behavioral3: $PLUGINSDIR/InstallOptions.dll, win7-20240611-en, score 3/10
behavioral4: $PLUGINSDIR/InstallOptions.dll, win10v2004-20240226-en, score 3/10
behavioral5: $PLUGINSDIR/StartMenu.dll, win7-20231129-en, score 3/10
behavioral6: $PLUGINSDIR/StartMenu.dll, win10v2004-20240508-en, score 3/10
behavioral7: $PLUGINSDIR/System.dll, win7-20240419-en, score 3/10
behavioral8: $PLUGINSDIR/System.dll, win10v2004-20240508-en, score 3/10
behavioral9: $PLUGINSDIR/UserInfo.dll, win7-20240221-en, score 3/10
behavioral10: $PLUGINSDIR/UserInfo.dll, win10v2004-20240611-en, score 3/10
behavioral11: Delphi.NET/BIOSData/Zeal.MemAcc.js, win7-20240508-en, score 3/10
behavioral12: Delphi.NET/BIOSData/Zeal.MemAcc.js, win10v2004-20240611-en, score 3/10
behavioral13: Delphi.NET/Map/Zeal.MemAcc.js, win7-20240611-en, score 3/10
behavioral14: Delphi.NET/Map/Zeal.MemAcc.js, win10v2004-20240508-en, score 3/10
behavioral15: Delphi.NET/MemTest/Zeal.MemAcc.js, win7-20240611-en, score 3/10
behavioral16: Delphi.NET/MemTest/Zeal.MemAcc.js, win10v2004-20240226-en, score 3/10
behavioral17: Delphi.NET/PCI/Zeal.MemAcc.js, win7-20240220-en, score 3/10
behavioral18: Delphi.NET/PCI/Zeal.MemAcc.js, win10v2004-20240508-en, score 3/10
behavioral19: MemAcc.vbs, win7-20240221-en, score 1/10
behavioral20: MemAcc.vbs, win10v2004-20240508-en, score 1/10
behavioral21: MemAcc.chm, win7-20240508-en, score 1/10
behavioral22: MemAcc.chm, win10v2004-20240611-en, score 1/10
behavioral23: MemAcc.js, win7-20231129-en, score 3/10
behavioral24: MemAcc.js, win10v2004-20240508-en, score 3/10
behavioral25: MemAcc.pdf, win7-20240419-en, score 1/10
behavioral26: MemAcc.pdf, win10v2004-20240611-en, score 1/10
behavioral27: MemAcc.vbs, win7-20240611-en, score 1/10
behavioral28: MemAcc.vbs, win10v2004-20240508-en, score 1/10
behavioral29: Redist/MemAcc.sys, win7-20240611-en, score 1/10
behavioral30: Redist/MemAcc.sys, win10v2004-20240508-en, score 1/10
behavioral31: VB.NET/BIOSData/MemAcc.vbs, win7-20231129-en, score 1/10
behavioral32: VB.NET/BIOSData/MemAcc.vbs, win10v2004-20240508-en, score 1/10
Malware Config

Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets

Target: 7ad39bfaf9ce17c54262523ec8c76e597f870b29226f40a10f8d4df03c308d4d_NeikiAnalytics.exe
Size: 733KB
MD5: 0a1ad78b7445d452a8b9e30cc96f3e20
SHA1: 0fb048733f46346a769a32a367e1d9341856899c
SHA256: 7ad39bfaf9ce17c54262523ec8c76e597f870b29226f40a10f8d4df03c308d4d
SHA512: 991be91a3a4eb44d31bc6f6cf638ee29aee42e8ea470b5ce546e63689f8cf874c377850239986b8f575ce947704028a6e2855c68c5726d8ccf9b7e5b974ffd08
SSDEEP: 12288:baxvpA0aa6nJ6Jl3+4tdqoeBcVgaOZi85uGgGn47nX6SoJb0CbPcgIsHwrdU68qO:baQBnJgl3+42BcVtOZiDPG6KSm4CrcX8
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
Target: $PLUGINSDIR/InstallOptions.dll
Size: 12KB
MD5: d61d6c709e7947296603059f8bedeba9
SHA1: bdcfc90c358c82be43ef85727a7bdfebbd6d1b69
SHA256: 65012a46603b7e13807938e2a61f3c2a60cced3fb3187dfab3e391705e2c3f63
SHA512: ed5a6efd1dd5e2119a9c523b9f9154e13552b3538bf72f4b8b02d6a9c808c3ae2ba7613d9e2b3395237461703f2da0a1482a52727ffcf6fc967552390dab0f2b
SSDEEP: 384:sKlm7i+c3QW6ckPhyDEaLnL2bbBBIXwZ:5qi8BcyhEhLibbTI
Score: 3/10

Target: $PLUGINSDIR/StartMenu.dll
Size: 6KB
MD5: a6978ea99297c941d02d88fa873150d9
SHA1: 4e1fd5c2f7291daef4d817b12bc7bfa432a90013
SHA256: a5c5012191015659684fc19b5e8ec7d33837b25c607f0f9dbfd46c10b8baeb17
SHA512: 8caf697317e6f9e83bbb0ee15a87ec56be3b08aaea9f7fb64fa65dd111bcfde5a8d25c7ef58fa1aa464ba5f9d4e365d9d8d3763cda17b4f3223418adf9a25000
SSDEEP: 96:g1C0Qaep2wbE+WH1/FMXF6CGQhFzK1KQ5YnhElMmV4d:4ep2w5k/FyEt2gN
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 10KB
MD5: da802677276c27b430cfb11c9da0bed2
SHA1: 6893b15fdd34fae3d35bc5b01355a5a919dd9a7b
SHA256: 756861c52304402a3fc2e0fc9f3ecc8ebb546916fc2812f1df5f2e63da1c5a82
SHA512: 0b212788ccca336fe228335189ec3bd0dc207c296cf3b219a88511c44735f8e1913bf745699be0f29078a47adc0442e4ff891c0877541ccbcfa1ad5e4dc1b187
SSDEEP: 192:XOycJo/rJVCmIDNLU0dq5RD00lspbub76HL:B/QQ0d0RD0USq/6H
Score: 3/10

Target: $PLUGINSDIR/UserInfo.dll
Size: 4KB
MD5: 8313b80c993dbf27b4b50d0a718f0913
SHA1: 810972ca1b6587dbaf88192874bb9441db296429
SHA256: 88829c8846c7059e499a15cb5abcddfcab63b56c19510d7a4cc418a4d9d742ba
SHA512: a53eda5f749102fa4ab1e8e916ad6fcc3e5563f28632f7b771413cdc6b3ec31d2d898ab3802ab047a8d8af5ebac445194a78ec38e7d20479e0f36cf8e81bb0df
Score: 3/10

Target: Delphi.NET/BIOSData/Zeal.MemAcc.pas
Size: 4KB
MD5: 4162eaba541682469b139845a599b7fa
SHA1: 91378edf5f7923ad300c7340da99ee89a41a8e30
SHA256: f8113b5ad57b8806d002dde2bb596e8ec663e35a4f76b4639818bc62df3f4bef
SHA512: d8f73ddeb847c57d7abdecd488498c6fa80e27f147e98f2f9f218b9953081795cdd0f86628dabab201fc9f846352f85654485c08f616deb4701537d8b4004ad2
SSDEEP: 96:UTvt4nYLS2nsgrpMsSp1pd39sEzRKYPZdi1gIgQdmR+eR8xNlY/lQ0RZR90Q:Ev2nHskRL5tRZR90Q
Score: 3/10

Target: Delphi.NET/Map/Zeal.MemAcc.pas
Size: 4KB
MD5: 4162eaba541682469b139845a599b7fa
SHA1: 91378edf5f7923ad300c7340da99ee89a41a8e30
SHA256: f8113b5ad57b8806d002dde2bb596e8ec663e35a4f76b4639818bc62df3f4bef
SHA512: d8f73ddeb847c57d7abdecd488498c6fa80e27f147e98f2f9f218b9953081795cdd0f86628dabab201fc9f846352f85654485c08f616deb4701537d8b4004ad2
SSDEEP: 96:UTvt4nYLS2nsgrpMsSp1pd39sEzRKYPZdi1gIgQdmR+eR8xNlY/lQ0RZR90Q:Ev2nHskRL5tRZR90Q
Score: 3/10

Target: Delphi.NET/MemTest/Zeal.MemAcc.pas
Size: 4KB
MD5: 4162eaba541682469b139845a599b7fa
SHA1: 91378edf5f7923ad300c7340da99ee89a41a8e30
SHA256: f8113b5ad57b8806d002dde2bb596e8ec663e35a4f76b4639818bc62df3f4bef
SHA512: d8f73ddeb847c57d7abdecd488498c6fa80e27f147e98f2f9f218b9953081795cdd0f86628dabab201fc9f846352f85654485c08f616deb4701537d8b4004ad2
SSDEEP: 96:UTvt4nYLS2nsgrpMsSp1pd39sEzRKYPZdi1gIgQdmR+eR8xNlY/lQ0RZR90Q:Ev2nHskRL5tRZR90Q
Score: 3/10

Target: Delphi.NET/PCI/Zeal.MemAcc.pas
Size: 4KB
MD5: 4162eaba541682469b139845a599b7fa
SHA1: 91378edf5f7923ad300c7340da99ee89a41a8e30
SHA256: f8113b5ad57b8806d002dde2bb596e8ec663e35a4f76b4639818bc62df3f4bef
SHA512: d8f73ddeb847c57d7abdecd488498c6fa80e27f147e98f2f9f218b9953081795cdd0f86628dabab201fc9f846352f85654485c08f616deb4701537d8b4004ad2
SSDEEP: 96:UTvt4nYLS2nsgrpMsSp1pd39sEzRKYPZdi1gIgQdmR+eR8xNlY/lQ0RZR90Q:Ev2nHskRL5tRZR90Q
Score: 3/10

Target: MemAcc.bas
Size: 4KB
MD5: 888df58d9494d28133a32bed0021c7b9
SHA1: 9d8b924f6ff6a9c4c38e4e3d40bbafe1fe4f29fb
SHA256: 6174e3d3a0fd4f31b7910fcc46d271301ae51a2fb6ae84de7d538c703cf4e759
SHA512: 9e4a3007515368b8c0897cd21c3332179d92d5903c276f8287bd803074637ca5f41032d73cc818eacf5860a39af345fe586551e7491b1d6fa0f917d0cb7377af
SSDEEP: 96:EjrIXJp1s8fCte8nQbc4OhfizlCP19HWaNiIM6YRzuLZxSv:EMZbs8fCNnQQ4Cg73v
Score: 1/10

Target: MemAcc.chm
Size: 169KB
MD5: a147cd9e5103697e3f485786b7da195a
SHA1: f686d395b3eecf513b2e1948c5f141b1f01db761
SHA256: fa5b1f5edfb01288386ac40e18dd4eecbe8c8533e4247926889a661a53aacab9
SHA512: 35fd7cc413ae02a12e292b199ce0c66756c883565f0c656763a5f58000e97d3611f1c97a7aa2c59322a135c878fb6a1e7c4d575b92e9e749669b1c3351013014
SSDEEP: 3072:5TKJnIOXCxKjON7JbmWve4T6XPvOsudxTR9oGQSZlEDI7jQ:5AIOXCxK2hmgheXXidhlQSZ2DYk
Score: 1/10

Target: MemAcc.pas
Size: 3KB
MD5: 25099c0b626e56b1497dc9d6fd574a89
SHA1: 014ef98f2f6a25332925a027aa5f1c5ae3a0c647
SHA256: 8f8ea098e0346865bdd3e5263feb1145439f661782b810831908d75adacc1c8e
SHA512: 93fb2e97249d14817d5b788d1e235faea149b040683dde8431811543c8e56f04162c3bae1c192271a2d3f82ea59d4d16760d7ced94136f9299ef1c7f0319db21
Score: 3/10

Target: MemAcc.pdf
Size: 215KB
MD5: 25ce1aa840894854c2ce0ed9a6bfa718
SHA1: e38ce0aacfbae37c325319d62a085327a680e2d0
SHA256: c403f8dbaf34897bb285ec891f0989f33c8ed36a4dc278996c6ac7d4a7ea7ccb
SHA512: e8177cb561259f05f30f0b4e08afeb52b7b8186610251460bd08c85b72891542c8c4c0db9f44e34957e7ee50853ce2c413d3257a0c7c3c6759f3f39af21fb9bb
SSDEEP: 6144:05+mtFQUe23/ckJ+LDNBNYEUpGSDdTYhULhDHQCdLw:4+mPPe23/3IezGSDdTYhUVDH/U
Score: 1/10

Target: MemAcc.vb
Size: 5KB
MD5: dada735ece043078b3baf4facb722fd9
SHA1: ce8448c86f2a0fd5da6c36275b166e1ced9d095a
SHA256: 96365999210fbcb363886042246adff00df204fa272050eec715bde543ccc033
SHA512: 90f44633017a281e62594feda8f86777e8d9fc0435a520c1010af9551342eb36cd32da0366ff1f3b76edde70bb175faff314a780a50bd48c8260b3cc9a2b5c24
SSDEEP: 96:IzBmzitcvbhdK4O7sr0z9TnxcI4+M6G5E7VtX19jlhnxax:wtmw4YStE/lhnAx
Score: 1/10

Target: Redist/MemAcc.sys
Size: 14KB
MD5: 952a0d3b692314776b5e8eef1e9b5164
SHA1: c6259c0ac4fc341e3658f3e7bfb4fef6053d3c00
SHA256: a302435582ebe312c38dd309ae7e4cd445c447c7fae5d0d2c826c193fe3bf86f
SHA512: a1ade2c8902e5c9d1e3f72b5b46e61d655da836b5ecd974728350ea1e53d557efd29982b67bff24c158feaeae2e97b083ff7a8721da2540e34cee0d4f516b61b
SSDEEP: 384:201FdpOU9e7Vl/S9aXcRedU67pezCGXTAOkucMl7SwMcEnKrVtQS0vdetz:JFdpOU9e7Vl/S9aXcRedU67pezClOkuz
Score: 1/10

Target: VB.NET/BIOSData/MemAcc.vb
Size: 5KB
MD5: dada735ece043078b3baf4facb722fd9
SHA1: ce8448c86f2a0fd5da6c36275b166e1ced9d095a
SHA256: 96365999210fbcb363886042246adff00df204fa272050eec715bde543ccc033
SHA512: 90f44633017a281e62594feda8f86777e8d9fc0435a520c1010af9551342eb36cd32da0366ff1f3b76edde70bb175faff314a780a50bd48c8260b3cc9a2b5c24
SSDEEP: 96:IzBmzitcvbhdK4O7sr0z9TnxcI4+M6G5E7VtX19jlhnxax:wtmw4YStE/lhnAx
Score: 1/10
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation:
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)

Defense Evasion:
- Modify Registry (7)
- Impair Defenses (4): Disable or Modify Tools (3), Disable or Modify System Firewall (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)