General
-
Target
152cc4fa75933ecd141cb307b1bbfd79ce06778039b061fb06eaa7ce4e68d61f_NeikiAnalytics.exe
-
Size
65KB
-
Sample
240630-a879za1bqh
-
MD5
9a66bb1eb629e77105ae2b5a586bdd50
-
SHA1
f33e831820f6214b4cabbc027f005cfbe8c5b592
-
SHA256
152cc4fa75933ecd141cb307b1bbfd79ce06778039b061fb06eaa7ce4e68d61f
-
SHA512
a892a34633134e8ac9061939a18d0cf79978f0e02b1b611b187ed7e670303f40d9021da0361ab1e8fe8a9dd8d0010b66f6bfc007b8f096a92de9235a09b951e2
-
SSDEEP
1536:0INtngUfE73bmoIkFupEESb1hlkNqeFhDtkbZ0oNH:0ILgkw2uuj0TH
Static task
static1
Behavioral task
behavioral1
Sample
152cc4fa75933ecd141cb307b1bbfd79ce06778039b061fb06eaa7ce4e68d61f_NeikiAnalytics.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
152cc4fa75933ecd141cb307b1bbfd79ce06778039b061fb06eaa7ce4e68d61f_NeikiAnalytics.exe
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Create or Modify System Process: 1
  Windows Service: 1
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Impair Defenses: 4
  Disable or Modify Tools: 3
  Disable or Modify System Firewall: 1
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1