sality | 54052d319e9fdd3667e0ed76a6c8978aaa134ac9a2a5e6221a8cdc392dd17bcc | Triage

Submit
Reports

Overview

overview

Static

static

8

54052d319e...cc.exe

windows7-x64

8

54052d319e...cc.exe

windows10-2004-x64

Sharing

General

Target

54052d319e9fdd3667e0ed76a6c8978aaa134ac9a2a5e6221a8cdc392dd17bcc
Size

695KB
Sample

220725-zfgzraadan
MD5

826a7e4548a1fffcb763aaed18e9ad95
SHA1

6126277096309b1e4313e0d173afa7b426316c03
SHA256

54052d319e9fdd3667e0ed76a6c8978aaa134ac9a2a5e6221a8cdc392dd17bcc
SHA512

731297bea41939de7c0889e28f12959c8f353a66296433ea0dd4fd6be22bbbd7316bb04edb07190d56da72a13c66885952855c72bf5096f736d691e9d714b00c

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

54052d319e9fdd3667e0ed76a6c8978aaa134ac9a2a5e6221a8cdc392dd17bcc.exe

Resource

win7-20220718-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

54052d319e9fdd3667e0ed76a6c8978aaa134ac9a2a5e6221a8cdc392dd17bcc.exe

Resource

win10v2004-20220721-en

sality backdoor evasion trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  54052d319e9fdd3667e0ed76a6c8978aaa134ac9a2a5e6221a8cdc392dd17bcc
- Size
  
  695KB
- MD5
  
  826a7e4548a1fffcb763aaed18e9ad95
- SHA1
  
  6126277096309b1e4313e0d173afa7b426316c03
- SHA256
  
  54052d319e9fdd3667e0ed76a6c8978aaa134ac9a2a5e6221a8cdc392dd17bcc
- SHA512
  
  731297bea41939de7c0889e28f12959c8f353a66296433ea0dd4fd6be22bbbd7316bb04edb07190d56da72a13c66885952855c72bf5096f736d691e9d714b00c
Score

10^/10

upx sality backdoor evasion trojan
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy