General
-
Target
6e8db17fd6acf3ed0f755c0d9c89f65a_NeikiAnalytics.exe
-
Size
97KB
-
Sample
240519-mn8ffsee4t
-
MD5
6e8db17fd6acf3ed0f755c0d9c89f65a
-
SHA1
2bd1542db07c9bea6c100d9b9d1cee462718c7b6
-
SHA256
a02a202fc3db543675972e1b802fd85e2bc5693ec0db8cc768a03201e6a1781b
-
SHA512
13d978d40459d9cacec75461375eb1486350254f41b509f86346e6eae1c6d597398616b1006a194b2c0f520cbc981da94d81cbba7ae598d938b66b9284754d7e
-
SSDEEP
1536:TtG5n1MkfrmurqQTxd92HEu+gEC/6lGto3ZgycfuUtavOdzXEzdc:sPak592v9QjXcxtav8EzG
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
6e8db17fd6acf3ed0f755c0d9c89f65a_NeikiAnalytics.exe
-
Size
97KB
-
MD5
6e8db17fd6acf3ed0f755c0d9c89f65a
-
SHA1
2bd1542db07c9bea6c100d9b9d1cee462718c7b6
-
SHA256
a02a202fc3db543675972e1b802fd85e2bc5693ec0db8cc768a03201e6a1781b
-
SHA512
13d978d40459d9cacec75461375eb1486350254f41b509f86346e6eae1c6d597398616b1006a194b2c0f520cbc981da94d81cbba7ae598d938b66b9284754d7e
-
SSDEEP
1536:TtG5n1MkfrmurqQTxd92HEu+gEC/6lGto3ZgycfuUtavOdzXEzdc:sPak592v9QjXcxtav8EzG
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3