sality | 26abcad4274410954977c2d70572ca657205fa7490e1fc3822dd06cf113b5a3b | Triage

Submit
Reports

Overview

overview

Static

static

26abcad427...3b.exe

windows7_x64

26abcad427...3b.exe

windows10-2004_x64

Sharing

General

Target

26abcad4274410954977c2d70572ca657205fa7490e1fc3822dd06cf113b5a3b
Size

100KB
Sample

220616-jj652scae5
MD5

de8ab460e68d8c616ffd64c65f19df6c
SHA1

8a666c4ff9dcdf0d3abfeb044dc627b7cda038b5
SHA256

26abcad4274410954977c2d70572ca657205fa7490e1fc3822dd06cf113b5a3b
SHA512

1576e6c7ea36b402c82a3181c1d95ca12946f410f95c2815f2339c9200d44d93bedb2476d48cab374d3212fee4874f18555c4ff6ec0b6f03aa70ea09caf5635a

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

26abcad4274410954977c2d70572ca657205fa7490e1fc3822dd06cf113b5a3b.exe

Resource

win7-20220414-en

sality backdoor evasion trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

26abcad4274410954977c2d70572ca657205fa7490e1fc3822dd06cf113b5a3b.exe

Resource

win10v2004-20220414-en

sality backdoor evasion trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  26abcad4274410954977c2d70572ca657205fa7490e1fc3822dd06cf113b5a3b
- Size
  
  100KB
- MD5
  
  de8ab460e68d8c616ffd64c65f19df6c
- SHA1
  
  8a666c4ff9dcdf0d3abfeb044dc627b7cda038b5
- SHA256
  
  26abcad4274410954977c2d70572ca657205fa7490e1fc3822dd06cf113b5a3b
- SHA512
  
  1576e6c7ea36b402c82a3181c1d95ca12946f410f95c2815f2339c9200d44d93bedb2476d48cab374d3212fee4874f18555c4ff6ec0b6f03aa70ea09caf5635a
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy