General
Target: a35b70123a19b4cf11e0b1d23aeb9fac45f3fd718954257fbd77ddbc6e6e4068_NeikiAnalytics.exe
Size: 4.3MB
Sample: 240629-mr6q2awbme
MD5: d4d07631aa9bbf8c0e2faec8b030e060
SHA1: ba9aebaeb1af97210988b896e317bed2405fc5a5
SHA256: a35b70123a19b4cf11e0b1d23aeb9fac45f3fd718954257fbd77ddbc6e6e4068
SHA512: 6380a43a4006e7e3cca530a1925bb5919d2776e38fa50362d20eef5ed16af31ce381f4ad2e651f6bd53378bcd8c74a0c2c1848b142e3a727b3c91eb822eefb3e
SSDEEP: 6144:gTv+GxxjGVW/dlNMO4atTBpWGBICUWv72eBrrNF:O+U5g+dGatTzpTfb
Static task: static1
Behavioral task: behavioral1
Sample: a35b70123a19b4cf11e0b1d23aeb9fac45f3fd718954257fbd77ddbc6e6e4068_NeikiAnalytics.exe
Resource: win7-20240611-en
Malware Config
Extracted family: sality
Extracted C2 URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target: a35b70123a19b4cf11e0b1d23aeb9fac45f3fd718954257fbd77ddbc6e6e4068_NeikiAnalytics.exe (size and hashes as listed under General above)
Modifies firewall policy service
Unexpected DNS network traffic destination: network traffic on the DNS port to servers other than the configured DNS servers was detected.
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Create or Modify System Process: 1
  Windows Service: 1
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Impair Defenses: 4
  Disable or Modify Tools: 3
  Disable or Modify System Firewall: 1
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1