General

  • Target

    40fb036f8742c9af1429cc1e14e9981c421c053ccdf0e8d818f3c86edfd52c35_NeikiAnalytics.exe

  • Size

    120KB

  • Sample

    240626-dgs8hstelr

  • MD5

    84f4050fd1593b82200e271a08c1ee00

  • SHA1

    199e1cbbb896036295b79c73037c05b7dcbc107e

  • SHA256

    40fb036f8742c9af1429cc1e14e9981c421c053ccdf0e8d818f3c86edfd52c35

  • SHA512

    89ac87c5e158aac42566aa2144498590e5b6c4ee2f60dfdad86c71983676e1bdf2df41af6043c6854b5bb79ab577429ee2c0f67c8ec1fae1220fdc5143544208

  • SSDEEP

    3072:533q5VRQpE9E5Us5Cy5mnT+W2NfE2C9IVw8ZWyLGD5EN6:lq5V/E5UhawyW2TC9qw8xLp

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      40fb036f8742c9af1429cc1e14e9981c421c053ccdf0e8d818f3c86edfd52c35_NeikiAnalytics.exe

    • Size

      120KB

    • MD5

      84f4050fd1593b82200e271a08c1ee00

    • SHA1

      199e1cbbb896036295b79c73037c05b7dcbc107e

    • SHA256

      40fb036f8742c9af1429cc1e14e9981c421c053ccdf0e8d818f3c86edfd52c35

    • SHA512

      89ac87c5e158aac42566aa2144498590e5b6c4ee2f60dfdad86c71983676e1bdf2df41af6043c6854b5bb79ab577429ee2c0f67c8ec1fae1220fdc5143544208

    • SSDEEP

      3072:533q5VRQpE9E5Us5Cy5mnT+W2NfE2C9IVw8ZWyLGD5EN6:lq5V/E5UhawyW2TC9qw8xLp

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks