General
-
Target
3055857e5e0bb21d0f26112cf0da8600_NeikiAnalytics.exe
-
Size
120KB
-
Sample
240611-llymsssckg
-
MD5
3055857e5e0bb21d0f26112cf0da8600
-
SHA1
ec1e9eaca3ffbd05c3986da64ac5ca2afba4a85b
-
SHA256
e5ba37da74ff52e04a4d3c5279e2faeda906547bdae39b53df0417cf02571558
-
SHA512
7cfe5b445174f53d362e82387e6ed14766043532c79cbb1e6d2ede3f01cf7f0385c1aa2e5445cd4023b1af3f0f079cfc498fe3e475e7ba683453ac95717e1957
-
SSDEEP
3072:csqf2Dn+FnYo1gid2UvkTpxafSenPYhG0:meDn+FYiof/a5YhG0
Static task
static1
Behavioral task
behavioral1
Sample
3055857e5e0bb21d0f26112cf0da8600_NeikiAnalytics.dll
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
3055857e5e0bb21d0f26112cf0da8600_NeikiAnalytics.exe
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 3
Disable or Modify Tools: 3