sality | 5df93923c52fa35d631be8908aee33a36cfca98640442ae9033fe4d57ad959ab | Triage

Submit
Reports

Overview

overview

Static

static

7dd12114b9...eb.exe

windows7-x64

7dd12114b9...eb.exe

windows10-2004-x64

Sharing

General

Target

7dd12114b95c0f5bd6b9ded7168451eb
Size

356KB
Sample

220830-x1ptzsegdl
MD5

7dd12114b95c0f5bd6b9ded7168451eb
SHA1

01a2063de23d90b7229640d3c44b22ada1f3377b
SHA256

5df93923c52fa35d631be8908aee33a36cfca98640442ae9033fe4d57ad959ab
SHA512

176933a876c3bf66cfa87960d129c7781a55e20fd9aa9d7deb53be49d8d9345353c0dd2cef845883b0f97180f6e0ed9978fbc9bb0d31fd2b70f9d02ffdbd5d05
SSDEEP

6144:EyH7xOc6H5c6HcT66vlml/SI01Jq3ggxDDwCkTTgPY+ZJn84f5kYtTdwB89Burgf:EagCkDV84RkYHwBwErbI5

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

7dd12114b95c0f5bd6b9ded7168451eb.exe

Resource

win7-20220812-en

sality backdoor evasion trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

7dd12114b95c0f5bd6b9ded7168451eb.exe

Resource

win10v2004-20220812-en

sality backdoor evasion trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  7dd12114b95c0f5bd6b9ded7168451eb
- Size
  
  356KB
- MD5
  
  7dd12114b95c0f5bd6b9ded7168451eb
- SHA1
  
  01a2063de23d90b7229640d3c44b22ada1f3377b
- SHA256
  
  5df93923c52fa35d631be8908aee33a36cfca98640442ae9033fe4d57ad959ab
- SHA512
  
  176933a876c3bf66cfa87960d129c7781a55e20fd9aa9d7deb53be49d8d9345353c0dd2cef845883b0f97180f6e0ed9978fbc9bb0d31fd2b70f9d02ffdbd5d05
- SSDEEP
  
  6144:EyH7xOc6H5c6HcT66vlml/SI01Jq3ggxDDwCkTTgPY+ZJn84f5kYtTdwB89Burgf:EagCkDV84RkYHwBwErbI5
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy