sality | 02f3c04e26fb530ba1d03c0a35af08ec0ccfbbdd1b48021c66ec69cb4b27c740 | Triage

Submit
Reports

Overview

overview

Static

static

02f3c04e26...40.exe

windows7-x64

02f3c04e26...40.exe

windows10-2004-x64

Sharing

General

Target

02f3c04e26fb530ba1d03c0a35af08ec0ccfbbdd1b48021c66ec69cb4b27c740
Size

120KB
Sample

221003-w8yanabafl
MD5

62e0010fc4194ac7f9f0c89d9d36af5b
SHA1

223624be3113c935de56310149f03a1fd1faecb4
SHA256

02f3c04e26fb530ba1d03c0a35af08ec0ccfbbdd1b48021c66ec69cb4b27c740
SHA512

443579004b1ebf0fedf237d222a7ec60e61548bdeae4f050adce49a0b18054ca40df58bc221d9989baeb0537c12fd51b3ff6085cebf846c6ebe26c33d6ae60d8
SSDEEP

3072:1JWCusCudKWM9p7kMRceoYCyA1ef4NOCyWUuJW6et:1J7usCu29vR3weQNOCynqW6et

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

02f3c04e26fb530ba1d03c0a35af08ec0ccfbbdd1b48021c66ec69cb4b27c740.exe

Resource

win7-20220812-en

sality backdoor evasion trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

02f3c04e26fb530ba1d03c0a35af08ec0ccfbbdd1b48021c66ec69cb4b27c740.exe

Resource

win10v2004-20220812-en

sality backdoor evasion trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  02f3c04e26fb530ba1d03c0a35af08ec0ccfbbdd1b48021c66ec69cb4b27c740
- Size
  
  120KB
- MD5
  
  62e0010fc4194ac7f9f0c89d9d36af5b
- SHA1
  
  223624be3113c935de56310149f03a1fd1faecb4
- SHA256
  
  02f3c04e26fb530ba1d03c0a35af08ec0ccfbbdd1b48021c66ec69cb4b27c740
- SHA512
  
  443579004b1ebf0fedf237d222a7ec60e61548bdeae4f050adce49a0b18054ca40df58bc221d9989baeb0537c12fd51b3ff6085cebf846c6ebe26c33d6ae60d8
- SSDEEP
  
  3072:1JWCusCudKWM9p7kMRceoYCyA1ef4NOCyWUuJW6et:1J7usCu29vR3weQNOCynqW6et
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy