General
Target: 9caaa5c0ae153ce2735159f38886173433f3fecb5294a7dd074cefa4ed20bfb5_NeikiAnalytics.exe
Size: 120KB
Sample: 240629-l6qgxsvfrf
MD5: f7034aba512b664377a6ca35e0fd8570
SHA1: daf966ae376e9ed81752a153c6632f77385787ad
SHA256: 9caaa5c0ae153ce2735159f38886173433f3fecb5294a7dd074cefa4ed20bfb5
SHA512: 6adbd5e8d5c54125c31f7b33465cdaf52a236dc39ba7e927e911ab7105cd7c1757285d24a2aa642a5c01995d05f98c422715376088b2a7d94ca293f3f43a8f3d
SSDEEP: 3072:mBCP/9/mpCwXg8Uxumn9QcfGXtQoFzNelJ8xHW:Qi/ZmBNfmySgNelJM
Static task: static1
Behavioral task: behavioral1
Sample: 9caaa5c0ae153ce2735159f38886173433f3fecb5294a7dd074cefa4ed20bfb5_NeikiAnalytics.dll
Resource: win7-20231129-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target
9caaa5c0ae153ce2735159f38886173433f3fecb5294a7dd074cefa4ed20bfb5_NeikiAnalytics.exe
Modifies firewall policy service
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Impair Defenses: 4
Disable or Modify Tools: 3
Disable or Modify System Firewall: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1