General
-
Target
75a8bb4c78f0c216ecd0bf6796854b50_NeikiAnalytics.exe
-
Size
120KB
-
Sample
240520-a9jm1aca24
-
MD5
75a8bb4c78f0c216ecd0bf6796854b50
-
SHA1
5cacba5cbe7d21be309130b955df302ad1783516
-
SHA256
a015aec045616241d2459bedfaad5c20c0c865b6da5006f7533ace06e912db67
-
SHA512
463a06b7a18c4de5fe7f3c442dab28eab500d021927f84d7516a779de51ec59553569d7362c2c89337bfeb716b246b4b01648d1aa61080cc2236485b9354ca1c
-
SSDEEP
1536:26GO0GLbvBkTTdSoDmz+FBLArXOW6zy+zFaSNpwmyfTv4yc9YF+NjKTw:2hO0INkHc8zy+0SLEv47LBOw
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
http://klkjwre77638dfqwieuoi888.info/
Targets
-
-
Target
75a8bb4c78f0c216ecd0bf6796854b50_NeikiAnalytics.exe
-
Size
120KB
-
MD5
75a8bb4c78f0c216ecd0bf6796854b50
-
SHA1
5cacba5cbe7d21be309130b955df302ad1783516
-
SHA256
a015aec045616241d2459bedfaad5c20c0c865b6da5006f7533ace06e912db67
-
SHA512
463a06b7a18c4de5fe7f3c442dab28eab500d021927f84d7516a779de51ec59553569d7362c2c89337bfeb716b246b4b01648d1aa61080cc2236485b9354ca1c
-
SSDEEP
1536:26GO0GLbvBkTTdSoDmz+FBLArXOW6zy+zFaSNpwmyfTv4yc9YF+NjKTw:2hO0INkHc8zy+0SLEv47LBOw
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1