sality | fedb7b1624eb067fb8368c1d627d3563b93c6b7599f1f6656c56f28e01423d27 | Triage

Sharing

General

Target

fedb7b1624eb067fb8368c1d627d3563b93c6b7599f1f6656c56f28e01423d27
Size

95KB
Sample

221011-1tl2asgbhj
MD5

6a90cc221f1235fb5ddeb62c7944a370
SHA1

d7cd48eaf86f871e1aaa21ae26b66bf74446fdf0
SHA256

fedb7b1624eb067fb8368c1d627d3563b93c6b7599f1f6656c56f28e01423d27
SHA512

68ca5ecbf341e3e78abcd76ab960108b309bd326645b99d49971111681ba8cd3268642e139371039c707dc91ddeab421447dbb3f8247fbc2512433c2b14a5b49
SSDEEP

1536:mHrJuCVOT9lI5O5zdVUtJXAUqNrzkNXbUj+hmp03zfV7yK:mHr4CVOT9C5O5zdygrwdb8+h007V7yK

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  fedb7b1624eb067fb8368c1d627d3563b93c6b7599f1f6656c56f28e01423d27
- Size
  
  95KB
- MD5
  
  6a90cc221f1235fb5ddeb62c7944a370
- SHA1
  
  d7cd48eaf86f871e1aaa21ae26b66bf74446fdf0
- SHA256
  
  fedb7b1624eb067fb8368c1d627d3563b93c6b7599f1f6656c56f28e01423d27
- SHA512
  
  68ca5ecbf341e3e78abcd76ab960108b309bd326645b99d49971111681ba8cd3268642e139371039c707dc91ddeab421447dbb3f8247fbc2512433c2b14a5b49
- SSDEEP
  
  1536:mHrJuCVOT9lI5O5zdVUtJXAUqNrzkNXbUj+hmp03zfV7yK:mHr4CVOT9C5O5zdygrwdb8+h007V7yK
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2