General
Target: ae9a27048d9f1d5527d52d5719408d396d3b79e37431e69fd83d72e44bd7d615_NeikiAnalytics.exe
Size: 120KB
Sample: 240629-rdmhfssbkk
MD5: 8e32947621315103c67d75cf6818f860
SHA1: f6c41a3bd53c74e30e24f23c113a96884cdcd03a
SHA256: ae9a27048d9f1d5527d52d5719408d396d3b79e37431e69fd83d72e44bd7d615
SHA512: 11a3f1d1646fdd2ddfa9a74b96c67caf5f4697c97255eeaf861343125ae18541c484829bcc19f161bff2530e2c0fe51e5c88a521847b056e739a6f2c7ab9437d
SSDEEP: 3072:YkDeeuRRFMUEt4gEc2fk2eQNbbnhh8fK:YYp2K6cFgLhkK
Static task: static1
Behavioral task: behavioral1
Sample: ae9a27048d9f1d5527d52d5719408d396d3b79e37431e69fd83d72e44bd7d615_NeikiAnalytics.dll
Resource: win7-20240220-en
Malware Config
Extracted family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Target: ae9a27048d9f1d5527d52d5719408d396d3b79e37431e69fd83d72e44bd7d615_NeikiAnalytics.exe
Size: 120KB
MD5: 8e32947621315103c67d75cf6818f860
SHA1: f6c41a3bd53c74e30e24f23c113a96884cdcd03a
SHA256: ae9a27048d9f1d5527d52d5719408d396d3b79e37431e69fd83d72e44bd7d615
SHA512: 11a3f1d1646fdd2ddfa9a74b96c67caf5f4697c97255eeaf861343125ae18541c484829bcc19f161bff2530e2c0fe51e5c88a521847b056e739a6f2c7ab9437d
SSDEEP: 3072:YkDeeuRRFMUEt4gEc2fk2eQNbbnhh8fK:YYp2K6cFgLhkK
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process: 1
  - Windows Service: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
Defense Evasion
- Modify Registry: 5
- Impair Defenses: 4
  - Disable or Modify Tools: 3
  - Disable or Modify System Firewall: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1