sality | 44e02a5fc42081cf1897661ed76899a9ffb042bacee98f398c3c687a3f7e1547 | Triage

Submit
Reports

Overview

overview

Static

static

101d92081e...f9.exe

windows7-x64

101d92081e...f9.exe

windows10-2004-x64

Sharing

General

Target

101d92081eedfdb8eb83bca5f5a0a4f9
Size

364KB
Sample

220825-ye2r4aagh5
MD5

101d92081eedfdb8eb83bca5f5a0a4f9
SHA1

99cd4c1fe4b960aad63db3062e70d5f1e7631dc2
SHA256

44e02a5fc42081cf1897661ed76899a9ffb042bacee98f398c3c687a3f7e1547
SHA512

cb34e6192bbacc5ed527cba63dfd9ce165505b31f107ee41d69672191726d22487cc2ccc4d0778dc3a72a2238efcbc76f9aac6ea4d6dc428c694424614671a39
SSDEEP

6144:EyH7xOc6H5c6HcT66vlml/SI01Jq3ggxDDwCkTTgPpR2tif5kv29P1xBurgI97w5:EagCkDLRkv29txErHI5

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

101d92081eedfdb8eb83bca5f5a0a4f9.exe

Resource

win7-20220812-en

sality backdoor evasion trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

101d92081eedfdb8eb83bca5f5a0a4f9.exe

Resource

win10v2004-20220812-en

sality backdoor upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  101d92081eedfdb8eb83bca5f5a0a4f9
- Size
  
  364KB
- MD5
  
  101d92081eedfdb8eb83bca5f5a0a4f9
- SHA1
  
  99cd4c1fe4b960aad63db3062e70d5f1e7631dc2
- SHA256
  
  44e02a5fc42081cf1897661ed76899a9ffb042bacee98f398c3c687a3f7e1547
- SHA512
  
  cb34e6192bbacc5ed527cba63dfd9ce165505b31f107ee41d69672191726d22487cc2ccc4d0778dc3a72a2238efcbc76f9aac6ea4d6dc428c694424614671a39
- SSDEEP
  
  6144:EyH7xOc6H5c6HcT66vlml/SI01Jq3ggxDDwCkTTgPpR2tif5kv29P1xBurgI97w5:EagCkDLRkv29txErHI5
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorupx

© 2018-2024

Terms | Privacy