General

  • Target

    ca5c31ac97fef4c6142e866cce84de10_NeikiAnalytics.exe

  • Size

    65KB

  • Sample

    240519-qshmdaad73

  • MD5

    ca5c31ac97fef4c6142e866cce84de10

  • SHA1

    d60be2808f3b3f64b314fd8c2d1a1d963afc17dd

  • SHA256

    889a59e2cca36d2b5547520749c9c8a09351b944a97f5ddd75aa2eee8537e4b9

  • SHA512

    035036d7dc3e2774939f3417d01ea717357af3251d59730009738414b6bdcc9aa7e08ddabe5f5436abf7565ef40af6aa928176527b2525997b70e510fc2d421d

  • SSDEEP

    1536:Wz8fRNuY7UcBWmUJgt7ZxbzJh0f7ICdonks:/2KWbmt1xBuICOb

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

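As an added example (not part of the sandbox report or of any analysis tooling), the Python below turns the indicators listed above into two checks a responder can run offline: confirming whether a file on disk is this exact sample by comparing all four digests against the General section, and scanning proxy-log lines for requests to the extracted C2 hosts. The hashes and C2 URLs are copied from the report; the log layout, client addresses and timestamps are constructed for illustration and are assumptions, not real traffic.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators copied verbatim from the report above.
REPORT_HASHES = {
    "md5": "ca5c31ac97fef4c6142e866cce84de10",
    "sha1": "d60be2808f3b3f64b314fd8c2d1a1d963afc17dd",
    "sha256": "889a59e2cca36d2b5547520749c9c8a09351b944a97f5ddd75aa2eee8537e4b9",
    "sha512": "035036d7dc3e2774939f3417d01ea717357af3251d59730009738414b6bdcc9a"
              "a7e08ddabe5f5436abf7565ef40af6aa928176527b2525997b70e510fc2d421d",
}

C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# The stable part of each indicator is the host (domain or hard-coded IP).
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}


def digest_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for a file's contents."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report.

    A single disagreement means a different file (or a truncated copy),
    so there is no notion of a partial match here.
    """
    computed = digest_bytes(data)
    return all(computed[name] == value for name, value in REPORT_HASHES.items())


def classify_hash(hexdigest: str):
    """Return the algorithm name if the hex string is one of the report's hashes, else None."""
    wanted = hexdigest.strip().lower()
    for name, value in REPORT_HASHES.items():
        if wanted == value:
            return name
    return None


def scan_proxy_log(lines):
    """Flag log lines whose requested URL points at a report C2 host.

    Each line is assumed to be "<epoch> <client_ip> <method> <url> <status>"
    (a simplified, constructed Squid-like layout). Matching is on the exact
    hostname, so a look-alike such as kukutrustnet777.info.attacker.example
    does not match; the path is ignored because the host is the indicator.
    """
    hits = []
    for lineno, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip it rather than abort a batch run
        client, url = fields[1], fields[3]
        host = urlsplit(url).hostname
        if host and host.lower() in C2_HOSTS:
            hits.append({"line": lineno, "client": client, "host": host, "url": url})
    return hits


# Constructed sample log (not real traffic): a benign request, two C2 requests,
# a look-alike subdomain that must not match, and a malformed line.
SAMPLE_LOG = [
    "1716112801.001 172.16.4.21 GET http://example.com/index.html 200",
    "1716112802.114 172.16.4.21 GET http://kukutrustnet888.info/home.gif 404",
    "1716112803.250 172.16.4.37 GET http://89.119.67.154/testo5/ 200",
    "1716112804.002 172.16.4.21 GET http://kukutrustnet777.info.attacker.example/home.gif 200",
    "garbage",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['client']} -> {hit['host']} ({hit['url']})")
    print("constructed bytes match the report:", matches_report(b"MZ not the sample"))
```

Two caveats for using this in practice. The SSDEEP value from the report is deliberately not covered: fuzzy hashing needs the ssdeep library rather than the standard library, and a fuzzy match is a similarity score to be read by an analyst, not a boolean. And because Sality infects other executables, a file that fails the exact-hash check is not thereby clean; the hash identifies this one sample, while the C2 hosts and the behavioural signatures listed under Targets are the indicators that generalise across infected files.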
Targets

    • Target

      ca5c31ac97fef4c6142e866cce84de10_NeikiAnalytics.exe

    • Modifies firewall policy service

    • Sality

      Sality is a file-infecting backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks