sality | 9f1a0c84f765469bea74ac0b5b52cacb2628336b1aed2bc7bec2729b69ab555c | Triage

Submit
Reports

Overview

overview

Static

static

9f1a0c84f7...5c.exe

windows7-x64

3

9f1a0c84f7...5c.exe

windows10-2004-x64

Sharing

General

Target

9f1a0c84f765469bea74ac0b5b52cacb2628336b1aed2bc7bec2729b69ab555c
Size

167KB
Sample

221123-vd3ffsgg48
MD5

38b53a555b6f45f5e9485d02f7e4de9b
SHA1

b12c6b61d850cf032ed2d1acbf4c19b842ef2432
SHA256

9f1a0c84f765469bea74ac0b5b52cacb2628336b1aed2bc7bec2729b69ab555c
SHA512

f0dd37378df04170e812971148a283983bde0fcd0f5bb794091672ea9e96c5ad8f32be85cf4214c133b6b32110029c14b151539cae011422d1d5195e7adbe3ba
SSDEEP

3072:SYNQKPWDySRefVJltZrpRl1P3w0T80OBiikVnD12MX+v7cG:zNSDySRO1thpNQ0vDVh2P7

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

9f1a0c84f765469bea74ac0b5b52cacb2628336b1aed2bc7bec2729b69ab555c.exe

Resource

win7-20221111-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

9f1a0c84f765469bea74ac0b5b52cacb2628336b1aed2bc7bec2729b69ab555c.exe

Resource

win10v2004-20220812-en

sality backdoor evasion trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  9f1a0c84f765469bea74ac0b5b52cacb2628336b1aed2bc7bec2729b69ab555c
- Size
  
  167KB
- MD5
  
  38b53a555b6f45f5e9485d02f7e4de9b
- SHA1
  
  b12c6b61d850cf032ed2d1acbf4c19b842ef2432
- SHA256
  
  9f1a0c84f765469bea74ac0b5b52cacb2628336b1aed2bc7bec2729b69ab555c
- SHA512
  
  f0dd37378df04170e812971148a283983bde0fcd0f5bb794091672ea9e96c5ad8f32be85cf4214c133b6b32110029c14b151539cae011422d1d5195e7adbe3ba
- SSDEEP
  
  3072:SYNQKPWDySRefVJltZrpRl1P3w0T80OBiikVnD12MX+v7cG:zNSDySRO1thpNQ0vDVh2P7
Score

10^/10

sality backdoor evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy