General
-
Target
1751d237603d0f7f861af5f017aae2481db1cb2894369808eea83b4397c051ea_NeikiAnalytics.exe
-
Size
284KB
-
Sample
240619-3ef8ls1dnq
-
MD5
3972895a6dbf0fdadf1c1dd142cdc0a0
-
SHA1
410e5bea0c64264a8f82d8428b0e26de53f22d3b
-
SHA256
1751d237603d0f7f861af5f017aae2481db1cb2894369808eea83b4397c051ea
-
SHA512
ea4e3e94ceb801710a79aafa1f086aad0768c7965cf2c6f0656a284fd3873ef88749f9e0ef904440b38f5c33693a25f224a8e53e2bf9664dc67e34fd4fc56cf2
-
SSDEEP
6144:QgjTffsAeph79dcGd3dR7Fuy7LILqkbJkQlout+1z/5H4NMbr:QgjLUAeph79dcK3dR7i4uTtAD5HQMbr
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
1751d237603d0f7f861af5f017aae2481db1cb2894369808eea83b4397c051ea_NeikiAnalytics.exe
-
Size
284KB
-
MD5
3972895a6dbf0fdadf1c1dd142cdc0a0
-
SHA1
410e5bea0c64264a8f82d8428b0e26de53f22d3b
-
SHA256
1751d237603d0f7f861af5f017aae2481db1cb2894369808eea83b4397c051ea
-
SHA512
ea4e3e94ceb801710a79aafa1f086aad0768c7965cf2c6f0656a284fd3873ef88749f9e0ef904440b38f5c33693a25f224a8e53e2bf9664dc67e34fd4fc56cf2
-
SSDEEP
6144:QgjTffsAeph79dcGd3dR7Fuy7LILqkbJkQlout+1z/5H4NMbr:QgjLUAeph79dcK3dR7i4uTtAD5HQMbr
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1