General
-
Target
e33d87abe6e88cb32af5d7981b533b90_NeikiAnalytics
-
Size
88KB
-
Sample
240516-swfcjaba5x
-
MD5
e33d87abe6e88cb32af5d7981b533b90
-
SHA1
7b784dfede011448ead228c593507264a550722e
-
SHA256
1ed3766d83aaf74d7b453c28a4ed48ac3ae083120c6c76d294f59e7b995e634e
-
SHA512
f8bb9edf7f31c6a33d637b669236b2e342ccec7f157c954c5abc08777da0d64017758d38a5701c6cacaa82261d8b01cd1d72c9eb2d8263f919567222f53c07e7
-
SSDEEP
1536:JTkdAzUYFhyBvnZwtIEWizIr2FfGcCjGuFv1lQJKyN065KiyhQ5:JI8UYFonZwtIgFfGcOLQJKGKiy+5
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
e33d87abe6e88cb32af5d7981b533b90_NeikiAnalytics
-
Size
88KB
-
MD5
e33d87abe6e88cb32af5d7981b533b90
-
SHA1
7b784dfede011448ead228c593507264a550722e
-
SHA256
1ed3766d83aaf74d7b453c28a4ed48ac3ae083120c6c76d294f59e7b995e634e
-
SHA512
f8bb9edf7f31c6a33d637b669236b2e342ccec7f157c954c5abc08777da0d64017758d38a5701c6cacaa82261d8b01cd1d72c9eb2d8263f919567222f53c07e7
-
SSDEEP
1536:JTkdAzUYFhyBvnZwtIEWizIr2FfGcCjGuFv1lQJKyN065KiyhQ5:JI8UYFonZwtIgFfGcOLQJKGKiy+5
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1