sality | 137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c | Triage

Submit
Reports

Overview

overview

Static

static

137ea5e989...9c.exe

windows7-x64

137ea5e989...9c.exe

windows10-2004-x64

Sharing

General

Target

137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c
Size

550KB
Sample

221123-tbdtmsgf41
MD5

439efae84238ce54fd613fa3268d4e06
SHA1

b6e6c16bf1b53368f503aaf2e189bba809cec5ee
SHA256

137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c
SHA512

a9c17968eabdc8fef199c9b255f48c92112f1b5c0d173b3921ed00e23c82a08d47784ebcc00c03c0a3682c4d60e30de43af0911a93f4ccae2e0c59b247b0609d
SSDEEP

6144:u9Mtzp5vblDqMCYghSWYg8aKYEFjdc555WMHSYgIxs6HGSYEU5B3A+Owq:mMtvzlDxihSS8aKQ7yYimFYbbA9wq

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c.exe

Resource

win7-20221111-en

sality backdoor evasion trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c.exe

Resource

win10v2004-20221111-en

sality backdoor evasion trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c
- Size
  
  550KB
- MD5
  
  439efae84238ce54fd613fa3268d4e06
- SHA1
  
  b6e6c16bf1b53368f503aaf2e189bba809cec5ee
- SHA256
  
  137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c
- SHA512
  
  a9c17968eabdc8fef199c9b255f48c92112f1b5c0d173b3921ed00e23c82a08d47784ebcc00c03c0a3682c4d60e30de43af0911a93f4ccae2e0c59b247b0609d
- SSDEEP
  
  6144:u9Mtzp5vblDqMCYghSWYg8aKYEFjdc555WMHSYgIxs6HGSYEU5B3A+Owq:mMtvzlDxihSS8aKQ7yYimFYbbA9wq
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy