General

  • Target

    55f810d3aab031566ae58a65d822db84e3146cfb306c71642b8c5899f8f07655_NeikiAnalytics.exe

  • Size

    120KB

  • Sample

    240626-f5f9zazgmq

  • MD5

    7aff625cec86dcd8edcb973b2d7b3670

  • SHA1

    67fcaa55dc9e32de0f57d5eb1835033ed23e661e

  • SHA256

    55f810d3aab031566ae58a65d822db84e3146cfb306c71642b8c5899f8f07655

  • SHA512

    c5d5a4571a31f369921dded474e00a88714170346e393b2c9cce80c95f8a07c0edd129ffb344648ac0db569cdfca178ce6d55579de653d252b1a497368e652af

  • SSDEEP

    1536:bQ5pItk/cDU+ueo6x6bNH+zt2iX7ZyKsv4r1CV5fc8G4B4mH9t9m:c5pIykDU/eoUzUib+Myeg

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      55f810d3aab031566ae58a65d822db84e3146cfb306c71642b8c5899f8f07655_NeikiAnalytics.exe

    • Size

      120KB

    • MD5

      7aff625cec86dcd8edcb973b2d7b3670

    • SHA1

      67fcaa55dc9e32de0f57d5eb1835033ed23e661e

    • SHA256

      55f810d3aab031566ae58a65d822db84e3146cfb306c71642b8c5899f8f07655

    • SHA512

      c5d5a4571a31f369921dded474e00a88714170346e393b2c9cce80c95f8a07c0edd129ffb344648ac0db569cdfca178ce6d55579de653d252b1a497368e652af

    • SSDEEP

      1536:bQ5pItk/cDU+ueo6x6bNH+zt2iX7ZyKsv4r1CV5fc8G4B4mH9t9m:c5pIykDU/eoUzUib+Myeg

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks