General
-
Target
ef96a5678a13a8895ddf0108062b5cf0_NeikiAnalytics.exe
-
Size
220KB
-
Sample
240517-ttya1agb38
-
MD5
ef96a5678a13a8895ddf0108062b5cf0
-
SHA1
7d23382f492ae355798508e1a31a03f3b927868a
-
SHA256
f5a96976d0328cdce9e3cca647feff6ec1d6fb10ddb2d53e312004f9860dc069
-
SHA512
415b5511c6e9a284bb1b78dedfee3f20f710fc2d587cd3f9e71eec4850a5360c8f58284c70555fed887f48273b8a8dd95fe157b064ab33f6a73f802f483abce1
-
SSDEEP
3072:sUXdTLgDKXQCtwNlzFinat0t7MqcB7gNXFx3MyVwTcoh0gIXmHeD0VaJ64MY:sUXdTLgfCSHYnhkaFx3c7CdbJ64l
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
ef96a5678a13a8895ddf0108062b5cf0_NeikiAnalytics.exe
-
Size
220KB
-
MD5
ef96a5678a13a8895ddf0108062b5cf0
-
SHA1
7d23382f492ae355798508e1a31a03f3b927868a
-
SHA256
f5a96976d0328cdce9e3cca647feff6ec1d6fb10ddb2d53e312004f9860dc069
-
SHA512
415b5511c6e9a284bb1b78dedfee3f20f710fc2d587cd3f9e71eec4850a5360c8f58284c70555fed887f48273b8a8dd95fe157b064ab33f6a73f802f483abce1
-
SSDEEP
3072:sUXdTLgDKXQCtwNlzFinat0t7MqcB7gNXFx3MyVwTcoh0gIXmHeD0VaJ64MY:sUXdTLgfCSHYnhkaFx3c7CdbJ64l
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1