General
-
Target
9e992ca508a5e13ed1bd23a6abdde33cb1118d4dcec23c46eaa5de8b0d684358_NeikiAnalytics.exe
-
Size
120KB
-
Sample
240628-svz1jsybql
-
MD5
b62513158a696473520a643c324bab80
-
SHA1
218ff3d8d425e8463f7722208b3bcc293fc88455
-
SHA256
9e992ca508a5e13ed1bd23a6abdde33cb1118d4dcec23c46eaa5de8b0d684358
-
SHA512
e051cc1ac242770112f3cf125cf85f40b38315583d2a8dc33ae7c598a88f079333779d1a7a017fcbf435d04d50f8e0166efc3bcbab5cbcdac8a4f0b19c9820a4
-
SSDEEP
1536:+q03pC09Ykrq4n6VMD7bs2kdq3XZ2v36eyJ+1w1EwFnwV1k/LDQgryJ+:+q0Z7n6qLwdq52P6diXswATDnE+
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
9e992ca508a5e13ed1bd23a6abdde33cb1118d4dcec23c46eaa5de8b0d684358_NeikiAnalytics.exe
-
Size
120KB
-
MD5
b62513158a696473520a643c324bab80
-
SHA1
218ff3d8d425e8463f7722208b3bcc293fc88455
-
SHA256
9e992ca508a5e13ed1bd23a6abdde33cb1118d4dcec23c46eaa5de8b0d684358
-
SHA512
e051cc1ac242770112f3cf125cf85f40b38315583d2a8dc33ae7c598a88f079333779d1a7a017fcbf435d04d50f8e0166efc3bcbab5cbcdac8a4f0b19c9820a4
-
SSDEEP
1536:+q03pC09Ykrq4n6VMD7bs2kdq3XZ2v36eyJ+1w1EwFnwV1k/LDQgryJ+:+q0Z7n6qLwdq52P6diXswATDnE+
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Impair Defenses
4Disable or Modify Tools
3Disable or Modify System Firewall
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1