General
-
Target
ae7978c00e28886c82186caf38cc76736d9057da7460e5028447fbf1bb88fed0_NeikiAnalytics.exe
-
Size
120KB
-
Sample
240629-rbrpdssaqn
-
MD5
179d5d4f5affdefb5ffad8382fa8b290
-
SHA1
4bd5d3fd78484c4da56b65361bbd62434d301787
-
SHA256
ae7978c00e28886c82186caf38cc76736d9057da7460e5028447fbf1bb88fed0
-
SHA512
54db8879128f6785ce1d0a0e44b6bd04dc2d3210eed44e7468f5a9a6e77768ef8fde19403142dc5d4867c00b2367b339834887473bcaa071eca05749594f62ad
-
SSDEEP
1536:alDY15pYhNgS+iVZi3ntSxHfauJNKytvzcVIzjkj0THEFqMprvTn2:X5yhNgS+iV2MxHfauTTvzcuzQwkbDb
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
ae7978c00e28886c82186caf38cc76736d9057da7460e5028447fbf1bb88fed0_NeikiAnalytics.exe
-
Size
120KB
-
MD5
179d5d4f5affdefb5ffad8382fa8b290
-
SHA1
4bd5d3fd78484c4da56b65361bbd62434d301787
-
SHA256
ae7978c00e28886c82186caf38cc76736d9057da7460e5028447fbf1bb88fed0
-
SHA512
54db8879128f6785ce1d0a0e44b6bd04dc2d3210eed44e7468f5a9a6e77768ef8fde19403142dc5d4867c00b2367b339834887473bcaa071eca05749594f62ad
-
SSDEEP
1536:alDY15pYhNgS+iVZi3ntSxHfauJNKytvzcVIzjkj0THEFqMprvTn2:X5yhNgS+iV2MxHfauTTvzcuzQwkbDb
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Impair Defenses
4Disable or Modify Tools
3Disable or Modify System Firewall
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1