General
-
Target
5c8b82efbe08bc1ace58f4b18d452170_NeikiAnalytics.exe
-
Size
120KB
-
Sample
240516-3vh25sfb31
-
MD5
5c8b82efbe08bc1ace58f4b18d452170
-
SHA1
8113f162446f8379bc10ff7f077b4a82e453427c
-
SHA256
ff77211b6940e2fcf655b36c521a73be459b36d1940be93cd5b5f4debb9da5fc
-
SHA512
f09fadb659beab0ee78220d399e74960d1520847b24e16157132c3a079e693216329ea241753cf0d95a712741ec578e8465dad29eb746cc00e528fcd6ae7e540
-
SSDEEP
3072:TTzj7qGxGE+rPDJtRjhFGVAkYGLkmz02K39O:TTjlGjPvCnY8Q2
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
5c8b82efbe08bc1ace58f4b18d452170_NeikiAnalytics.exe
-
Size
120KB
-
MD5
5c8b82efbe08bc1ace58f4b18d452170
-
SHA1
8113f162446f8379bc10ff7f077b4a82e453427c
-
SHA256
ff77211b6940e2fcf655b36c521a73be459b36d1940be93cd5b5f4debb9da5fc
-
SHA512
f09fadb659beab0ee78220d399e74960d1520847b24e16157132c3a079e693216329ea241753cf0d95a712741ec578e8465dad29eb746cc00e528fcd6ae7e540
-
SSDEEP
3072:TTzj7qGxGE+rPDJtRjhFGVAkYGLkmz02K39O:TTjlGjPvCnY8Q2
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5