sality | 674ff8a493d0c98d32241af84c1414bcb4fa59f31fb9f89c2f0d614eb947c28e | Triage

Sharing

General

Target

674ff8a493d0c98d32241af84c1414bcb4fa59f31fb9f89c2f0d614eb947c28e
Size

1.0MB
Sample

221106-xn9cvsgcd6
MD5

0c676d6918e3f9df8cc83f2c2f477fb0
SHA1

c64b19215031643f0462a555b182b3674e28d0c9
SHA256

674ff8a493d0c98d32241af84c1414bcb4fa59f31fb9f89c2f0d614eb947c28e
SHA512

9af7b8478355991faac28f2f053a067ecb3c9dc49081cb4fb4184e5e669ac1826b67c400a25c2f2c59979850244d4dd4f07311a5e238ec078bc348ec063968c3
SSDEEP

24576:/CRfD357uayPYgtXsKf0C/GBgTLLMJGONGgOsJnVaJTeKVor:/CdJWPrx0C/Ge3LMJnNLbJVMeD

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  674ff8a493d0c98d32241af84c1414bcb4fa59f31fb9f89c2f0d614eb947c28e
- Size
  
  1.0MB
- MD5
  
  0c676d6918e3f9df8cc83f2c2f477fb0
- SHA1
  
  c64b19215031643f0462a555b182b3674e28d0c9
- SHA256
  
  674ff8a493d0c98d32241af84c1414bcb4fa59f31fb9f89c2f0d614eb947c28e
- SHA512
  
  9af7b8478355991faac28f2f053a067ecb3c9dc49081cb4fb4184e5e669ac1826b67c400a25c2f2c59979850244d4dd4f07311a5e238ec078bc348ec063968c3
- SSDEEP
  
  24576:/CRfD357uayPYgtXsKf0C/GBgTLLMJGONGgOsJnVaJTeKVor:/CdJWPrx0C/Ge3LMJnNLbJVMeD
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasiontrojanupx