sality | 22a2b110e561bb5155cc85793d232ba9750aea25a4a9480a835e1fdd840d251d | Triage

Submit
Reports

Overview

overview

Static

static

22a2b110e5...1d.exe

windows7_x64

22a2b110e5...1d.exe

windows10-2004_x64

Sharing

General

Target

22a2b110e561bb5155cc85793d232ba9750aea25a4a9480a835e1fdd840d251d
Size

112KB
Sample

220612-e6zx2aeecl
MD5

019d195f5349e3824a4cfae7443da9d9
SHA1

3e3839f4b03dc7e1b1eaa7709bd586b967906471
SHA256

22a2b110e561bb5155cc85793d232ba9750aea25a4a9480a835e1fdd840d251d
SHA512

d8dcfede2b4501723e4c218e0945b9ff36d6f4613b3a62d3180a8e1ef0d19906ce3ae7424dd8d5552cad8d33ca01863f8f8e30e1d29c0a9244f570b7706c2995

Score

10^/10

sality xtremerat backdoor evasion persistence rat spyware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

22a2b110e561bb5155cc85793d232ba9750aea25a4a9480a835e1fdd840d251d.exe

Resource

win7-20220414-en

sality xtremerat backdoor evasion persistence rat spyware trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

22a2b110e561bb5155cc85793d232ba9750aea25a4a9480a835e1fdd840d251d.exe

Resource

win10v2004-20220414-en

sality xtremerat backdoor evasion persistence rat spyware trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  22a2b110e561bb5155cc85793d232ba9750aea25a4a9480a835e1fdd840d251d
- Size
  
  112KB
- MD5
  
  019d195f5349e3824a4cfae7443da9d9
- SHA1
  
  3e3839f4b03dc7e1b1eaa7709bd586b967906471
- SHA256
  
  22a2b110e561bb5155cc85793d232ba9750aea25a4a9480a835e1fdd840d251d
- SHA512
  
  d8dcfede2b4501723e4c218e0945b9ff36d6f4613b3a62d3180a8e1ef0d19906ce3ae7424dd8d5552cad8d33ca01863f8f8e30e1d29c0a9244f570b7706c2995
Score

10^/10

sality xtremerat backdoor evasion persistence rat spyware trojan upx
- Detect XtremeRAT Payload
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

salityxtremeratbackdoorevasionpersistenceratspywaretrojanupx

behavioral2

salityxtremeratbackdoorevasionpersistenceratspywaretrojanupx

© 2018-2024

Terms | Privacy