General

  • Target

    7f34cccba312f445f7a9d22e4e7c7490_NeikiAnalytics.exe

  • Size

    120KB

  • Sample

    240531-zmd7fach5v

  • MD5

    7f34cccba312f445f7a9d22e4e7c7490

  • SHA1

    24268adff4bb5a64fd6c385e24bb550455fcd4a7

  • SHA256

    b57d98b97263d8b0c1d77ec8adcf372c023ce2b7788c12e441219e61f1c42414

  • SHA512

    ea83771ab2a8d3d4ec602a4e53bb337a9fddee406cb20e0c5886a2588d1c6ca1f66ab813181c4e85e0b729c98c08b3f6b0c4316b1b563a96487bac637f393fc8

  • SSDEEP

    1536:P5mACH2t+f8yVfuF0nhpb3Y05oKSCWNRUWMxt9i6/fTOIMzZg:EAq2g5VfpzbIOSzNRUWMxt9iqiF

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      7f34cccba312f445f7a9d22e4e7c7490_NeikiAnalytics.exe

    • Size

      120KB

    • MD5

      7f34cccba312f445f7a9d22e4e7c7490

    • SHA1

      24268adff4bb5a64fd6c385e24bb550455fcd4a7

    • SHA256

      b57d98b97263d8b0c1d77ec8adcf372c023ce2b7788c12e441219e61f1c42414

    • SHA512

      ea83771ab2a8d3d4ec602a4e53bb337a9fddee406cb20e0c5886a2588d1c6ca1f66ab813181c4e85e0b729c98c08b3f6b0c4316b1b563a96487bac637f393fc8

    • SSDEEP

      1536:P5mACH2t+f8yVfuF0nhpb3Y05oKSCWNRUWMxt9i6/fTOIMzZg:EAq2g5VfpzbIOSzNRUWMxt9iqiF

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks