sality | 02bf2115149941d915cf0e8caa9e2c74f095065b0890be40ca4c25823b031271 | Triage

Submit
Reports

Overview

overview

Static

static

02bf211514...71.exe

windows7-x64

02bf211514...71.exe

windows10-2004-x64

Sharing

General

Target

02bf2115149941d915cf0e8caa9e2c74f095065b0890be40ca4c25823b031271
Size

181KB
Sample

221119-z6mmxsbh26
MD5

41e056baa1b836250acdbd38038f33e0
SHA1

247df66ecc857feff3cd603bcc224199ac3202da
SHA256

02bf2115149941d915cf0e8caa9e2c74f095065b0890be40ca4c25823b031271
SHA512

fa9729858776c41ac4a7ec36a5d346bc419f7414664a1a31f43b965324b1ad712cd6e2932fee6d76a1e93c3fe46951b82cbdf0373d3be2a37d89180058676936
SSDEEP

3072:Gq/oSpAbGTe2Aq/tqiHJqwxgZh5ifl1cOduZE9141A:GqRAbgeSxkhVOduy41A

Score

10^/10

sality backdoor discovery evasion exploit trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

02bf2115149941d915cf0e8caa9e2c74f095065b0890be40ca4c25823b031271.exe

Resource

win7-20220812-en

sality backdoor discovery evasion exploit trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

02bf2115149941d915cf0e8caa9e2c74f095065b0890be40ca4c25823b031271.exe

Resource

win10v2004-20220812-en

sality backdoor upx

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  02bf2115149941d915cf0e8caa9e2c74f095065b0890be40ca4c25823b031271
- Size
  
  181KB
- MD5
  
  41e056baa1b836250acdbd38038f33e0
- SHA1
  
  247df66ecc857feff3cd603bcc224199ac3202da
- SHA256
  
  02bf2115149941d915cf0e8caa9e2c74f095065b0890be40ca4c25823b031271
- SHA512
  
  fa9729858776c41ac4a7ec36a5d346bc419f7414664a1a31f43b965324b1ad712cd6e2932fee6d76a1e93c3fe46951b82cbdf0373d3be2a37d89180058676936
- SSDEEP
  
  3072:Gq/oSpAbGTe2Aq/tqiHJqwxgZh5ifl1cOduZE9141A:GqRAbgeSxkhVOduy41A
Score

10^/10

sality backdoor discovery evasion exploit trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Possible privilege escalation attempt
  exploit
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Modifies file permissions
  discovery
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

File Permissions Modification

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasionexploittrojanupx

behavioral2

salitybackdoorupx

© 2018-2024

Terms | Privacy