General

  • Target

    3277a8923a3cf1d4fae5a7a267b75100_NeikiAnalytics

  • Size

    2.5MB

  • Sample

    240510-a5llssca89

  • MD5

    3277a8923a3cf1d4fae5a7a267b75100

  • SHA1

    488d8ecdec6f65c69351536cd6c8fe966a547f4d

  • SHA256

    30472889c5eb89189482b00e2730949b690694351021b4a089e296c23812763c

  • SHA512

    babacc9d98608105070ee7af18c900f507ba122ce5caade7dfe833609f56198f652cc7a3528c2bfb5be0c51808815aa8430d6e5294c7b3ba8d8309426ad966f2

  • SSDEEP

    49152:OO3HZohCbTCJ1J9xKCnFnQXBbrtgb/iQvu0UHOag4:OO3ZohC6JRxvWbrtUTrUHOW

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      3277a8923a3cf1d4fae5a7a267b75100_NeikiAnalytics

    • Size

      2.5MB

    • MD5

      3277a8923a3cf1d4fae5a7a267b75100

    • SHA1

      488d8ecdec6f65c69351536cd6c8fe966a547f4d

    • SHA256

      30472889c5eb89189482b00e2730949b690694351021b4a089e296c23812763c

    • SHA512

      babacc9d98608105070ee7af18c900f507ba122ce5caade7dfe833609f56198f652cc7a3528c2bfb5be0c51808815aa8430d6e5294c7b3ba8d8309426ad966f2

    • SSDEEP

      49152:OO3HZohCbTCJ1J9xKCnFnQXBbrtgb/iQvu0UHOag4:OO3ZohC6JRxvWbrtUTrUHOW

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.