General
-
Target
0bd7b88eedd139819c7e61facd7ae570_NeikiAnalytics.exe
-
Size
65KB
-
Sample
240516-wygvxshf64
-
MD5
0bd7b88eedd139819c7e61facd7ae570
-
SHA1
27cef235ff2dbd38ac07313f79e2f2fd8700d5c9
-
SHA256
1745f55108cabcd51ebd136fe88b1d47744c4adfb8416da433ce2507595503af
-
SHA512
4ff9a8ecc156a711b47465d54c5deb03933726017ae15e8e5b694abfb09cb00e753353cc86e53c6d8a42f80e8f8d83e9084cc1c5f2cb88afd441415f136adaf2
-
SSDEEP
1536:my4W9iUs8GStgD5f/CdmcGLZB9SVqdK9BTQvNCzSafM84QIXIW:3Q9Sti5HIxoXSVqdKfTQM21Qkp
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
0bd7b88eedd139819c7e61facd7ae570_NeikiAnalytics.exe
-
Size
65KB
-
MD5
0bd7b88eedd139819c7e61facd7ae570
-
SHA1
27cef235ff2dbd38ac07313f79e2f2fd8700d5c9
-
SHA256
1745f55108cabcd51ebd136fe88b1d47744c4adfb8416da433ce2507595503af
-
SHA512
4ff9a8ecc156a711b47465d54c5deb03933726017ae15e8e5b694abfb09cb00e753353cc86e53c6d8a42f80e8f8d83e9084cc1c5f2cb88afd441415f136adaf2
-
SSDEEP
1536:my4W9iUs8GStgD5f/CdmcGLZB9SVqdK9BTQvNCzSafM84QIXIW:3Q9Sti5HIxoXSVqdKfTQM21Qkp
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5