General
-
Target
2eb2d78f9afa9955e06048b34ccb2c20_NeikiAnalytics.exe
-
Size
120KB
-
Sample
240522-qddpwace8v
-
MD5
2eb2d78f9afa9955e06048b34ccb2c20
-
SHA1
ac008bdfbdd30068ca015565cd9667be1781b63e
-
SHA256
b4069d0d407a0085f2cb99c077a5d4af009f516449bcdef3bcf22fe2ec6a2871
-
SHA512
852f1a56c12d97930c0b7e4f823b42c300ba54c266d5db019476368d7914284b509e3cf419f740bb38d038b880c84f982cb514bc6eedd5300963639d8217d02f
-
SSDEEP
1536:uGeTQHhO4ZiNq1YzXiCIIhrsIJmN7EjrGJsIddOOQBUbSrQvu4fPd5UxFUxm6HRF:h0Go4z1YzyCN9mK+HWULvu4LH/
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2eb2d78f9afa9955e06048b34ccb2c20_NeikiAnalytics.exe
-
Size
120KB
-
MD5
2eb2d78f9afa9955e06048b34ccb2c20
-
SHA1
ac008bdfbdd30068ca015565cd9667be1781b63e
-
SHA256
b4069d0d407a0085f2cb99c077a5d4af009f516449bcdef3bcf22fe2ec6a2871
-
SHA512
852f1a56c12d97930c0b7e4f823b42c300ba54c266d5db019476368d7914284b509e3cf419f740bb38d038b880c84f982cb514bc6eedd5300963639d8217d02f
-
SSDEEP
1536:uGeTQHhO4ZiNq1YzXiCIIhrsIJmN7EjrGJsIddOOQBUbSrQvu4fPd5UxFUxm6HRF:h0Go4z1YzyCN9mK+HWULvu4LH/
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3