General
-
Target
bd885fb75f5cd3fd5f8b0f9b105a8030_NeikiAnalytics.exe
-
Size
826KB
-
Sample
240619-pzdfkazhrc
-
MD5
bd885fb75f5cd3fd5f8b0f9b105a8030
-
SHA1
378974ce715da5cabc6ed147fe66fd6ff3f27e65
-
SHA256
734a479e652c996963e9d6bfff5abcde322ae8a39b6293ab4ca26b6df30fd180
-
SHA512
bb647596f21fc076f5717c89cafde2109e2af9c24d752a0514aa1dd7be2a16865cee459033dc659b81e4b18679990fe800bdb265319ef475b8bb3c30b66c53cd
-
SSDEEP
24576:SIXW/8yw1ez54lI3F5SXYH2DS1OWLwzkiG:l9bC4lIqve0kx
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
bd885fb75f5cd3fd5f8b0f9b105a8030_NeikiAnalytics.exe
-
Size
826KB
-
MD5
bd885fb75f5cd3fd5f8b0f9b105a8030
-
SHA1
378974ce715da5cabc6ed147fe66fd6ff3f27e65
-
SHA256
734a479e652c996963e9d6bfff5abcde322ae8a39b6293ab4ca26b6df30fd180
-
SHA512
bb647596f21fc076f5717c89cafde2109e2af9c24d752a0514aa1dd7be2a16865cee459033dc659b81e4b18679990fe800bdb265319ef475b8bb3c30b66c53cd
-
SSDEEP
24576:SIXW/8yw1ez54lI3F5SXYH2DS1OWLwzkiG:l9bC4lIqve0kx
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1