sality | 25aaeb30fb9b9eb36b042d44680a61b0513baf2a07021d3e04b73c2d0b5a4890 | Triage

Submit
Reports

Overview

overview

Static

static

25aaeb30fb...90.exe

windows7_x64

25aaeb30fb...90.exe

windows10-2004_x64

Sharing

General

Target

25aaeb30fb9b9eb36b042d44680a61b0513baf2a07021d3e04b73c2d0b5a4890
Size

91KB
Sample

220611-w1nq9abdcj
MD5

7dca89832ca5171e407cb35337bd3f0f
SHA1

b4b86b2a78d915d21f160f70809dc20fcbec7af0
SHA256

25aaeb30fb9b9eb36b042d44680a61b0513baf2a07021d3e04b73c2d0b5a4890
SHA512

9764f38abe919a1f82b3fb576283ce6ad2b003d912c94b8f709187344b2cecc099a8fa28763bf058de49bbed07cb20abafede8e857b6ae50bd8036fea64d9c55

Score

10^/10

sality backdoor evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

25aaeb30fb9b9eb36b042d44680a61b0513baf2a07021d3e04b73c2d0b5a4890.exe

Resource

win7-20220414-en

sality backdoor evasion persistence trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

25aaeb30fb9b9eb36b042d44680a61b0513baf2a07021d3e04b73c2d0b5a4890.exe

Resource

win10v2004-20220414-en

sality backdoor evasion persistence trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  25aaeb30fb9b9eb36b042d44680a61b0513baf2a07021d3e04b73c2d0b5a4890
- Size
  
  91KB
- MD5
  
  7dca89832ca5171e407cb35337bd3f0f
- SHA1
  
  b4b86b2a78d915d21f160f70809dc20fcbec7af0
- SHA256
  
  25aaeb30fb9b9eb36b042d44680a61b0513baf2a07021d3e04b73c2d0b5a4890
- SHA512
  
  9764f38abe919a1f82b3fb576283ce6ad2b003d912c94b8f709187344b2cecc099a8fa28763bf058de49bbed07cb20abafede8e857b6ae50bd8036fea64d9c55
Score

10^/10

sality backdoor evasion persistence trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

salitybackdoorevasionpersistencetrojanupx

behavioral2

salitybackdoorevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy