General

  • Target: 535712879cc451fccb153eea6480421888aea7d0e037740b62735a32d8f4bb73_NeikiAnalytics.exe
  • Size: 120KB
  • Sample: 240626-fvtsbazclp
  • MD5: 4bfcdb673848da752f6a27dc4ac8bfc0
  • SHA1: e1e3e096aa6c1c7444dc73863849f14cb08b5419
  • SHA256: 535712879cc451fccb153eea6480421888aea7d0e037740b62735a32d8f4bb73
  • SHA512: a844acfb5a8b909a9f8b57ef186c166b0ee2426eac65fc859efb6a98b11cfbd12b04b06d8833ea6f600885af7e22421038b3bc85fbab7a8e0f6f15d05870dfa4
  • SSDEEP: 3072:8h//movTZuI9XNd1uLD1fomcU2OtGCEuNTN:8h3mobZukL1uLD1sU2OtoK

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target: 535712879cc451fccb153eea6480421888aea7d0e037740b62735a32d8f4bb73_NeikiAnalytics.exe

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks