sality | 0edc38542cb469890f2bbfc23af1da656e2eb13e81d84c8b8f21f2e4eddeec1e | Triage

Sharing

General

Target

0edc38542cb469890f2bbfc23af1da656e2eb13e81d84c8b8f21f2e4eddeec1e
Size

1.2MB
Sample

221003-wjzgeshgh5
MD5

3d7b527a23009869730248d9b82cf770
SHA1

1672e9f60cc785305361fb6ff735d368a905f3a6
SHA256

0edc38542cb469890f2bbfc23af1da656e2eb13e81d84c8b8f21f2e4eddeec1e
SHA512

9bb17673ea5764514f62e69762b0a379ec553e62b11c2625f3164947a4211a64972b3e11d08d0bda85a75a74951aa8b60849806971b4a4ece9ca9111c2b36ae8
SSDEEP

24576:4qb/hOVsKejj2WGYH2lCRVPvruTx/WVVye3a+YTcSWPWu9QW6L3IZDsn:X/hg/CRVlye3a+YTcSwtQW6LYVm

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  0edc38542cb469890f2bbfc23af1da656e2eb13e81d84c8b8f21f2e4eddeec1e
- Size
  
  1.2MB
- MD5
  
  3d7b527a23009869730248d9b82cf770
- SHA1
  
  1672e9f60cc785305361fb6ff735d368a905f3a6
- SHA256
  
  0edc38542cb469890f2bbfc23af1da656e2eb13e81d84c8b8f21f2e4eddeec1e
- SHA512
  
  9bb17673ea5764514f62e69762b0a379ec553e62b11c2625f3164947a4211a64972b3e11d08d0bda85a75a74951aa8b60849806971b4a4ece9ca9111c2b36ae8
- SSDEEP
  
  24576:4qb/hOVsKejj2WGYH2lCRVPvruTx/WVVye3a+YTcSWPWu9QW6L3IZDsn:X/hg/CRVlye3a+YTcSwtQW6LYVm
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2