sality | bbea5cc97ec6d480ecc0227db4c3779136df8a31d775de33db653d4005f134c5 | Triage

Submit
Reports

Overview

overview

Static

static

bbea5cc97e...c5.exe

windows7-x64

bbea5cc97e...c5.exe

windows10-2004-x64

Sharing

General

Target

bbea5cc97ec6d480ecc0227db4c3779136df8a31d775de33db653d4005f134c5
Size

426KB
Sample

221030-b48klsfeh9
MD5

931cbf8210319f8be81614211fecdb49
SHA1

dc437382347a80e88a2c43bcd13d432ee1aec14e
SHA256

bbea5cc97ec6d480ecc0227db4c3779136df8a31d775de33db653d4005f134c5
SHA512

c6360058a028a2d69507af945ee90b8d3165215a4124d6e9ffd5987d475ec457159e82ce898811f3597f8ba5d529681733951813ba8fa7954bece858b486256e
SSDEEP

12288:FOeUjd8eBbD+OTnvmP/iiqG0Jpig2TB+0x66lf1Tf9frKxPpn9ZmaOrPalQQrTFK:FOeUjd8eBbD+OTnvmP/iiqG0Jpig2TBX

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

bbea5cc97ec6d480ecc0227db4c3779136df8a31d775de33db653d4005f134c5.exe

Resource

win7-20220812-en

sality backdoor evasion trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

bbea5cc97ec6d480ecc0227db4c3779136df8a31d775de33db653d4005f134c5.exe

Resource

win10v2004-20220812-en

sality backdoor evasion trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  bbea5cc97ec6d480ecc0227db4c3779136df8a31d775de33db653d4005f134c5
- Size
  
  426KB
- MD5
  
  931cbf8210319f8be81614211fecdb49
- SHA1
  
  dc437382347a80e88a2c43bcd13d432ee1aec14e
- SHA256
  
  bbea5cc97ec6d480ecc0227db4c3779136df8a31d775de33db653d4005f134c5
- SHA512
  
  c6360058a028a2d69507af945ee90b8d3165215a4124d6e9ffd5987d475ec457159e82ce898811f3597f8ba5d529681733951813ba8fa7954bece858b486256e
- SSDEEP
  
  12288:FOeUjd8eBbD+OTnvmP/iiqG0Jpig2TB+0x66lf1Tf9frKxPpn9ZmaOrPalQQrTFK:FOeUjd8eBbD+OTnvmP/iiqG0Jpig2TBX
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy