General

  • Target

    5fe0d578bbbcf7c5f08003090775bba0_NeikiAnalytics.exe

  • Size

    120KB

  • Sample

    240519-dqmr4afe3t

  • MD5

    5fe0d578bbbcf7c5f08003090775bba0

  • SHA1

    dbffab12bf222acf6cd0075901f0c0dc0cd80b02

  • SHA256

    0413b8de8e8d9a85550446d3db1fc3be6198fe63c79e756c108ecd04d06ae1f4

  • SHA512

    66a68cf93a7f121a1fa9e1146df6d46d57fb31999c920547837dbc8408df014b6753e1eb24dde061a897017c8bf431f73cb4f9d37287db8dfbdf357550edce68

  • SSDEEP

    3072:uEufQY5g+AMPkphwWtFrtsB7LCwcLaYy6:ZDSPkpxmHEaYy6

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      5fe0d578bbbcf7c5f08003090775bba0_NeikiAnalytics.exe

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks