General
-
Target
6073248b07e636fa0a2a469eb4e91910_NeikiAnalytics.exe
-
Size
232KB
-
Sample
240530-cw7tsacb68
-
MD5
6073248b07e636fa0a2a469eb4e91910
-
SHA1
a3150a1cc10fbb045e80b0337ef66db6fc37546a
-
SHA256
7a8ccbe3ac4271a4257401fc350282967ba760f0c46120c2129927858d26ee0d
-
SHA512
e84be527f3b137f8bff59f172ba8646d34a105f0103f7cdb35d50741bd3f13b50140a7d0110b1dcd99ae8186029be3bc0d8352a9a8e85b7322c29dc71403e223
-
SSDEEP
3072:4S2BNz4k2a+RvXp5ApGbpV4kHs2vh6DfSLGS5KTl9242/jismMguU:SFRKLGS5UIritM5U
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
6073248b07e636fa0a2a469eb4e91910_NeikiAnalytics.exe
-
Size
232KB
-
MD5
6073248b07e636fa0a2a469eb4e91910
-
SHA1
a3150a1cc10fbb045e80b0337ef66db6fc37546a
-
SHA256
7a8ccbe3ac4271a4257401fc350282967ba760f0c46120c2129927858d26ee0d
-
SHA512
e84be527f3b137f8bff59f172ba8646d34a105f0103f7cdb35d50741bd3f13b50140a7d0110b1dcd99ae8186029be3bc0d8352a9a8e85b7322c29dc71403e223
-
SSDEEP
3072:4S2BNz4k2a+RvXp5ApGbpV4kHs2vh6DfSLGS5KTl9242/jismMguU:SFRKLGS5UIritM5U
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5