sality | 087df168d78dcfd730fb669aad4b848c054f08cbab3c722c87a0be0aa5c598a7 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...64.exe

windows7_x64

SecuriteIn...64.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.Win32.Sector.30.16924.15564
Size

1.1MB
Sample

200730-t5vy5kfr72
MD5

9940b1d4284582df2342b9c394b34d20
SHA1

ffe310f517cc7e6e7dc6ca10007338b2c1d09f66
SHA256

087df168d78dcfd730fb669aad4b848c054f08cbab3c722c87a0be0aa5c598a7
SHA512

b578d6c3a27f56d85ddeadcc8f96a40c3aa4c64684d9d0451769233997c2d0c0521ec7497d63d2da2686b227a9e6714492f1f6dc5ea2b280d08bf27608f491dd

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.Sector.30.16924.15564.exe

Resource

win7

sality backdoor evasion trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.Sector.30.16924.15564.exe

Resource

win10v200722

sality backdoor evasion trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  SecuriteInfo.com.Win32.Sector.30.16924.15564
- Size
  
  1.1MB
- MD5
  
  9940b1d4284582df2342b9c394b34d20
- SHA1
  
  ffe310f517cc7e6e7dc6ca10007338b2c1d09f66
- SHA256
  
  087df168d78dcfd730fb669aad4b848c054f08cbab3c722c87a0be0aa5c598a7
- SHA512
  
  b578d6c3a27f56d85ddeadcc8f96a40c3aa4c64684d9d0451769233997c2d0c0521ec7497d63d2da2686b227a9e6714492f1f6dc5ea2b280d08bf27608f491dd
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy