General
-
Target
ecfaa178f37e0329aef599b996c716f0_NeikiAnalytics.exe
-
Size
92KB
-
Sample
240517-r928sacg3z
-
MD5
ecfaa178f37e0329aef599b996c716f0
-
SHA1
4c701e580bc3dc9eb782ae2630c0f81308a37d91
-
SHA256
26103af36e408d54c1270b487697f6b1128dc184d360bff15f9c18f3ac5248e5
-
SHA512
43eafade8ae1ce402fd2eda75bc431b7a251695de77dc34965716cc78a3ee800d2790f508808eaf3f089c49d05a8fe162c901937be0ce4ce902c6d208e2bbb24
-
SSDEEP
1536:Fx7mxVXxysB8Lo4X5bJrmrjtAc+VtgWbE5x1cp2SIJDK:FodysB8LFBJarj7sg4aMIJDK
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
ecfaa178f37e0329aef599b996c716f0_NeikiAnalytics.exe
-
Size
92KB
-
MD5
ecfaa178f37e0329aef599b996c716f0
-
SHA1
4c701e580bc3dc9eb782ae2630c0f81308a37d91
-
SHA256
26103af36e408d54c1270b487697f6b1128dc184d360bff15f9c18f3ac5248e5
-
SHA512
43eafade8ae1ce402fd2eda75bc431b7a251695de77dc34965716cc78a3ee800d2790f508808eaf3f089c49d05a8fe162c901937be0ce4ce902c6d208e2bbb24
-
SSDEEP
1536:Fx7mxVXxysB8Lo4X5bJrmrjtAc+VtgWbE5x1cp2SIJDK:FodysB8LFBJarj7sg4aMIJDK
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1