sality | 0eeb462fb565a1433af00d6d36db07d347f8df1cf5726dd269f37ca3d2c8bf9d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0eeb462fb565a1433af00d6d36db07d347f8df1cf5726dd269f37ca3d2c8bf9d
Size

184KB
Sample

221030-cdk73agad3
MD5

929694381eaea3b180a3b94aa5e11110
SHA1

a78ec7ea7ecb4cd32a07d3a2051f8d7ffc92858e
SHA256

0eeb462fb565a1433af00d6d36db07d347f8df1cf5726dd269f37ca3d2c8bf9d
SHA512

559a6abcac19b2948eb92eb7335c23eaf3680602f5d8df464297e53676401cc30d7579c4b669e24fe6b56b11b37f25e6cdaab2309247ee67574c36da2977571f
SSDEEP

3072:8WwmqYExhA2zTRgukMNoMOARKZ7n12Zzqe1E34/y9XHe0AJkzgQ6o23yJ:9wmqYExhrRHBOkKJ1U51P/2+Tkzwoiy

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  0eeb462fb565a1433af00d6d36db07d347f8df1cf5726dd269f37ca3d2c8bf9d
- Size
  
  184KB
- MD5
  
  929694381eaea3b180a3b94aa5e11110
- SHA1
  
  a78ec7ea7ecb4cd32a07d3a2051f8d7ffc92858e
- SHA256
  
  0eeb462fb565a1433af00d6d36db07d347f8df1cf5726dd269f37ca3d2c8bf9d
- SHA512
  
  559a6abcac19b2948eb92eb7335c23eaf3680602f5d8df464297e53676401cc30d7579c4b669e24fe6b56b11b37f25e6cdaab2309247ee67574c36da2977571f
- SSDEEP
  
  3072:8WwmqYExhA2zTRgukMNoMOARKZ7n12Zzqe1E34/y9XHe0AJkzgQ6o23yJ:9wmqYExhrRHBOkKJ1U51P/2+Tkzwoiy
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorupx