General
-
Target
ef42488a346cf3e5dad9d8f2c0610e10_NeikiAnalytics.exe
-
Size
92KB
-
Sample
240517-tma7wsff46
-
MD5
ef42488a346cf3e5dad9d8f2c0610e10
-
SHA1
875316581c7d2f6a9cf70ce4308ef296c1a9a535
-
SHA256
4756ba798735cb285a11daf419e1af1e07f5078b345fd06d278dfaa842d2b24b
-
SHA512
ebb88522f05019b9f7bdb79bb8f08219f3adf681bb4a7f1f80fef087ec04ec4bdd1385bd2a9d94a5aff00d71b5617c103acf29195972391dccfefcd1f66360b3
-
SSDEEP
1536:p9dIyhV0SAwh0C5CbfPbDOxdY/C89Pcd3hz0x4PSjT2wKLouGIENoj:p9dIJJwh0aCnDOACbd3ZTPSmoQ/
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
ef42488a346cf3e5dad9d8f2c0610e10_NeikiAnalytics.exe
-
Size
92KB
-
MD5
ef42488a346cf3e5dad9d8f2c0610e10
-
SHA1
875316581c7d2f6a9cf70ce4308ef296c1a9a535
-
SHA256
4756ba798735cb285a11daf419e1af1e07f5078b345fd06d278dfaa842d2b24b
-
SHA512
ebb88522f05019b9f7bdb79bb8f08219f3adf681bb4a7f1f80fef087ec04ec4bdd1385bd2a9d94a5aff00d71b5617c103acf29195972391dccfefcd1f66360b3
-
SSDEEP
1536:p9dIyhV0SAwh0C5CbfPbDOxdY/C89Pcd3hz0x4PSjT2wKLouGIENoj:p9dIJJwh0aCnDOACbd3ZTPSmoQ/
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1