General
-
Target
900c46691b48d7632d00410e41bcb64379ebff3d59af95be5463ce66fbfc9be9_NeikiAnalytics.exe
-
Size
120KB
-
Sample
240629-ktw89sxdlm
-
MD5
06d552d79c8c49d814b9d37d609f2e30
-
SHA1
80ea275aae6173d90f695b759aacc5220c2e44d6
-
SHA256
900c46691b48d7632d00410e41bcb64379ebff3d59af95be5463ce66fbfc9be9
-
SHA512
e65bf51e2c9fc016cfdc399fdbd46233629e2830cffdfd449eb02999e157b790105ff94cb4fece48ba6ed9d16c90830acc64e794dc86a1b74682cd6b679d52dc
-
SSDEEP
1536:VCn+rJBiAiu+UZ0oKPJ+/p+My7IoYAvJHEmB+BFCbnM+PdW/IoyZ6aRHs6PpXl84:VSAPPKPJM8My9REibnM+P4IpMwpXmb
Static task
static1
Behavioral task
behavioral1
Sample
900c46691b48d7632d00410e41bcb64379ebff3d59af95be5463ce66fbfc9be9_NeikiAnalytics.dll
Resource
win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Impair Defenses: 4
Disable or Modify Tools: 3
Disable or Modify System Firewall: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1