General
-
Target
1b417534ae482aa4ae8f43128000d68b8db64a630980b86726db3d5e8d4fcea5_NeikiAnalytics.exe
-
Size
1.1MB
-
Sample
240628-z7t4dssdmg
-
MD5
56fe0ca07f57178abfe922777d34cbb0
-
SHA1
149a6461651e2ba26e367138376cc1cc98623892
-
SHA256
1b417534ae482aa4ae8f43128000d68b8db64a630980b86726db3d5e8d4fcea5
-
SHA512
48f0fe51951383f61a72c0470f1f39835539e82c93af23005dfaeb14695447f9d7eaf4b7bbb81ae5e0ae8576ecad6a3a64c30cd92396085bd592f743e6b6b75b
-
SSDEEP
24576:1zN5UT1sGo0+OBiDppkQboY4cxU7pL88fMPHrd+0aOil6:1zQ1sGo3jDHkv9V9ird26
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
1b417534ae482aa4ae8f43128000d68b8db64a630980b86726db3d5e8d4fcea5_NeikiAnalytics.exe
-
Size
1.1MB
-
MD5
56fe0ca07f57178abfe922777d34cbb0
-
SHA1
149a6461651e2ba26e367138376cc1cc98623892
-
SHA256
1b417534ae482aa4ae8f43128000d68b8db64a630980b86726db3d5e8d4fcea5
-
SHA512
48f0fe51951383f61a72c0470f1f39835539e82c93af23005dfaeb14695447f9d7eaf4b7bbb81ae5e0ae8576ecad6a3a64c30cd92396085bd592f743e6b6b75b
-
SSDEEP
24576:1zN5UT1sGo0+OBiDppkQboY4cxU7pL88fMPHrd+0aOil6:1zQ1sGo3jDHkv9V9ird26
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1