sality | 4590e9e17a98bbd507879b6dfc54a48c5a50d35358d16d634cb3ac42f4e567dd | Triage

Submit
Reports

Overview

overview

Static

static

09c8d8b230...67.exe

windows7-x64

09c8d8b230...67.exe

windows10-2004-x64

Sharing

General

Target

09c8d8b230538ffe18a96cf9d32f8a67
Size

364KB
Sample

220825-y22evaadgp
MD5

09c8d8b230538ffe18a96cf9d32f8a67
SHA1

464edfabed5c214980fdcf3c59db3713ca0cd646
SHA256

4590e9e17a98bbd507879b6dfc54a48c5a50d35358d16d634cb3ac42f4e567dd
SHA512

fcdf266eefc52e5b4f475ed597152d078f25c09de4bac3e3d5cf94c38bb406e8cda742bc227e47eb04599c698c7dd5275c17cd8992d8d72764695c6a25af62b6
SSDEEP

6144:EyH7xOc6H5c6HcT66vlml/SI01Jq3ggxDDwCkTTgPh2BjsEID1f5kw62BurgI97w:EagCkDT2eT1RkwZErDI5

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

09c8d8b230538ffe18a96cf9d32f8a67.exe

Resource

win7-20220812-en

sality backdoor evasion trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

09c8d8b230538ffe18a96cf9d32f8a67.exe

Resource

win10v2004-20220812-en

sality backdoor upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  09c8d8b230538ffe18a96cf9d32f8a67
- Size
  
  364KB
- MD5
  
  09c8d8b230538ffe18a96cf9d32f8a67
- SHA1
  
  464edfabed5c214980fdcf3c59db3713ca0cd646
- SHA256
  
  4590e9e17a98bbd507879b6dfc54a48c5a50d35358d16d634cb3ac42f4e567dd
- SHA512
  
  fcdf266eefc52e5b4f475ed597152d078f25c09de4bac3e3d5cf94c38bb406e8cda742bc227e47eb04599c698c7dd5275c17cd8992d8d72764695c6a25af62b6
- SSDEEP
  
  6144:EyH7xOc6H5c6HcT66vlml/SI01Jq3ggxDDwCkTTgPh2BjsEID1f5kw62BurgI97w:EagCkDT2eT1RkwZErDI5
Score

10^/10

sality backdoor evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorupx

© 2018-2024

Terms | Privacy