Overview

overview

10

Static

static

3

338e1dfc2b...cs.dll

windows7-x64

10

338e1dfc2b...cs.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    338e1dfc2b07ff5f5c0c130cd2bfb670_NeikiAnalytics.exe

  • Size

    120KB

  • Sample

    240528-fl93yagd89

  • MD5

    338e1dfc2b07ff5f5c0c130cd2bfb670

  • SHA1

    4c3dfec49b6e626a88621d1d8a6e56fb7e1d7f76

  • SHA256

    b77c535a4a6c5b9799e0d9b0e123a990acd45be1d59ded0d62550aead8cdd853

  • SHA512

    3c2c8165398ef237edae7bc4990b06f78cad39092b8a720dde5d0a30f6c145fd531622390903764474826753e4c2153772c6f10c469b0df49a25c837130c937f

  • SSDEEP

    1536:0q/yJ2X7NBe7vj0gFDMYhxmPHur6QDUyS/Gis0mYJ8cU7g:0q/yj7ARYhY+705JA

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      338e1dfc2b07ff5f5c0c130cd2bfb670_NeikiAnalytics.exe

    • Size

      120KB

    • MD5

      338e1dfc2b07ff5f5c0c130cd2bfb670

    • SHA1

      4c3dfec49b6e626a88621d1d8a6e56fb7e1d7f76

    • SHA256

      b77c535a4a6c5b9799e0d9b0e123a990acd45be1d59ded0d62550aead8cdd853

    • SHA512

      3c2c8165398ef237edae7bc4990b06f78cad39092b8a720dde5d0a30f6c145fd531622390903764474826753e4c2153772c6f10c469b0df49a25c837130c937f

    • SSDEEP

      1536:0q/yJ2X7NBe7vj0gFDMYhxmPHur6QDUyS/Gis0mYJ8cU7g:0q/yj7ARYhY+705JA

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks