General
-
Target
73cefee8d1c8f0f1cd0c9aefcda57300_NeikiAnalytics.exe
-
Size
97KB
-
Sample
240518-cky3hafd45
-
MD5
73cefee8d1c8f0f1cd0c9aefcda57300
-
SHA1
a01fe0970fae9372e6f5a24652fed0ef45b23df8
-
SHA256
8da471c428131521ba58363b424eedc22bad92d288eee6818eebd3fcfca2f002
-
SHA512
6a466373a2b29544e800f8c1a29b60c7467b46206498c021929b39d74e1689a1ef018059c0f6e86a0828500923e7b15af03f36a30d2e4fd8be6b4cff6c1ccc88
-
SSDEEP
1536:+JKa69K6y33TIidQMHqzA+vj4DmbhdSzPziCXDU6oTZZScn7tF5ezfy:d9K643T9dSznimbhW2gg6oScn73kz
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
73cefee8d1c8f0f1cd0c9aefcda57300_NeikiAnalytics.exe
-
Size
97KB
-
MD5
73cefee8d1c8f0f1cd0c9aefcda57300
-
SHA1
a01fe0970fae9372e6f5a24652fed0ef45b23df8
-
SHA256
8da471c428131521ba58363b424eedc22bad92d288eee6818eebd3fcfca2f002
-
SHA512
6a466373a2b29544e800f8c1a29b60c7467b46206498c021929b39d74e1689a1ef018059c0f6e86a0828500923e7b15af03f36a30d2e4fd8be6b4cff6c1ccc88
-
SSDEEP
1536:+JKa69K6y33TIidQMHqzA+vj4DmbhdSzPziCXDU6oTZZScn7tF5ezfy:d9K643T9dSznimbhW2gg6oScn73kz
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3