sality | b7748212568d612152f46667fa27d3c47ce04aa00dfb89a032d2d8607323bbf3 | Triage

Submit
Reports

Overview

overview

Static

static

b774821256...f3.exe

windows7-x64

b774821256...f3.exe

windows10-2004-x64

Sharing

General

Target

b7748212568d612152f46667fa27d3c47ce04aa00dfb89a032d2d8607323bbf3
Size

173KB
Sample

221106-xeb11aaafj
MD5

0237d30a4893ced532ca226a4446f000
SHA1

e8cb61257f42c94743774dc7765ed23f3a89773b
SHA256

b7748212568d612152f46667fa27d3c47ce04aa00dfb89a032d2d8607323bbf3
SHA512

2dc244baa1e7854c47fbefe36bcda90fef01991ee7e7a3830909935905f06113b8f841fe91e5ad9abcfefba8ae1b61d8b5abca958d47bcc33a4584b3ad8e1ac2
SSDEEP

3072:oq/lSpAbGTe2Aq/tqijXjE91FjaYHLRlH9sVX1A:oqeAbgeETE91xHDOt1A

Score

10^/10

sality backdoor discovery evasion exploit trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b7748212568d612152f46667fa27d3c47ce04aa00dfb89a032d2d8607323bbf3.exe

Resource

win7-20220901-en

sality backdoor discovery evasion exploit trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

b7748212568d612152f46667fa27d3c47ce04aa00dfb89a032d2d8607323bbf3.exe

Resource

win10v2004-20220812-en

sality backdoor upx

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  b7748212568d612152f46667fa27d3c47ce04aa00dfb89a032d2d8607323bbf3
- Size
  
  173KB
- MD5
  
  0237d30a4893ced532ca226a4446f000
- SHA1
  
  e8cb61257f42c94743774dc7765ed23f3a89773b
- SHA256
  
  b7748212568d612152f46667fa27d3c47ce04aa00dfb89a032d2d8607323bbf3
- SHA512
  
  2dc244baa1e7854c47fbefe36bcda90fef01991ee7e7a3830909935905f06113b8f841fe91e5ad9abcfefba8ae1b61d8b5abca958d47bcc33a4584b3ad8e1ac2
- SSDEEP
  
  3072:oq/lSpAbGTe2Aq/tqijXjE91FjaYHLRlH9sVX1A:oqeAbgeETE91xHDOt1A
Score

10^/10

sality backdoor discovery evasion exploit trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Possible privilege escalation attempt
  exploit
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Modifies file permissions
  discovery
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

File Permissions Modification

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasionexploittrojanupx

behavioral2

salitybackdoorupx

© 2018-2024

Terms | Privacy