General
-
Target
492a962c31ffc15f0c90a48f53d7cfd0_NeikiAnalytics.exe
-
Size
65KB
-
Sample
240522-14jzpaag41
-
MD5
492a962c31ffc15f0c90a48f53d7cfd0
-
SHA1
6445c57cb40ab3d35761c8b60809d61798164e55
-
SHA256
786c9bf78ce41ddcd37a015c32f866991fddc83ceeda20a7f19a982b0252848b
-
SHA512
b28a021e3fb6606efee2975e9b60843fd33a98d5529528dc9c5bb2779cba0c458d4106662606b91bc902f8f5904ce27759d9b4c30359e365da8b6c4b99cc53d2
-
SSDEEP
1536:FwsycTr8llQ1ubHRYiXJ9xMOQ6TkaWhOl63Y0Vm1XGLKUF:F/p4N5DM8uOl63Y0IBk
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
492a962c31ffc15f0c90a48f53d7cfd0_NeikiAnalytics.exe
-
Size
65KB
-
MD5
492a962c31ffc15f0c90a48f53d7cfd0
-
SHA1
6445c57cb40ab3d35761c8b60809d61798164e55
-
SHA256
786c9bf78ce41ddcd37a015c32f866991fddc83ceeda20a7f19a982b0252848b
-
SHA512
b28a021e3fb6606efee2975e9b60843fd33a98d5529528dc9c5bb2779cba0c458d4106662606b91bc902f8f5904ce27759d9b4c30359e365da8b6c4b99cc53d2
-
SSDEEP
1536:FwsycTr8llQ1ubHRYiXJ9xMOQ6TkaWhOl63Y0Vm1XGLKUF:F/p4N5DM8uOl63Y0IBk
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3