General
-
Target
2b36ed5591854c78ad24fd72ae32a06d730b34ec60a9559c98fb8af8ed69b8e1_NeikiAnalytics.exe
-
Size
120KB
-
Sample
240701-bwlqwavhkn
-
MD5
f63adb8e3a7940e91f9f02fccac58630
-
SHA1
c7dc50add0c0fcf906e5a720615740eb8080e497
-
SHA256
2b36ed5591854c78ad24fd72ae32a06d730b34ec60a9559c98fb8af8ed69b8e1
-
SHA512
e8715770167a82a17124b53a4f803aa8605a12c12f6780b67b8e20e53a136e3ce13f5b3460f51a2c52414db6727f84501174e4bc70e44ecfdcd69c840a33691a
-
SSDEEP
1536:3OWKOYJHkgxuMUO7p3Ib8ggO9uahkYedNistxU52Zm98jKsYZB39gD60:3OWEHkO37Kb3/oYedN652oL79
Static task
static1
Behavioral task
behavioral1
Sample
2b36ed5591854c78ad24fd72ae32a06d730b34ec60a9559c98fb8af8ed69b8e1_NeikiAnalytics.dll
Resource
win7-20240220-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Target
2b36ed5591854c78ad24fd72ae32a06d730b34ec60a9559c98fb8af8ed69b8e1_NeikiAnalytics.exe
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Impair Defenses: 4
Disable or Modify Tools: 3
Disable or Modify System Firewall: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1