sality | f4152bcc5bafdf42a9a570f8141ca70d826e5cc695e3c13c5eeb1d805f6fdf5e | Triage

Submit
Reports

Overview

overview

Static

static

f4152bcc5b...5e.exe

windows7-x64

f4152bcc5b...5e.exe

windows10-2004-x64

Sharing

General

Target

f4152bcc5bafdf42a9a570f8141ca70d826e5cc695e3c13c5eeb1d805f6fdf5e
Size

120KB
Sample

221123-vksjtscb71
MD5

42d1ec66defdf6010e357617be712540
SHA1

27e68a6fd65b2b705ea79ddbed1fc7e9d0808f3a
SHA256

f4152bcc5bafdf42a9a570f8141ca70d826e5cc695e3c13c5eeb1d805f6fdf5e
SHA512

6c4f7b774691b516a2fa70dbfdaf691acb7f6dcc7f462d8dd11ef759baca435b94ba6bac0762d8240796a9f36beceac1808975d3dfc2a7adbdfc3b8f20be9541
SSDEEP

1536:++lcoSU7DpPLLmo/7boC0q96fjDzRKfBhc3qfO01nILWmnt+D7Fe:++lcoSspPDboC0q9eDzRwQ3b0ot+Fe

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

f4152bcc5bafdf42a9a570f8141ca70d826e5cc695e3c13c5eeb1d805f6fdf5e.exe

Resource

win7-20221111-en

sality backdoor evasion trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

f4152bcc5bafdf42a9a570f8141ca70d826e5cc695e3c13c5eeb1d805f6fdf5e.exe

Resource

win10v2004-20220812-en

sality backdoor evasion trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  f4152bcc5bafdf42a9a570f8141ca70d826e5cc695e3c13c5eeb1d805f6fdf5e
- Size
  
  120KB
- MD5
  
  42d1ec66defdf6010e357617be712540
- SHA1
  
  27e68a6fd65b2b705ea79ddbed1fc7e9d0808f3a
- SHA256
  
  f4152bcc5bafdf42a9a570f8141ca70d826e5cc695e3c13c5eeb1d805f6fdf5e
- SHA512
  
  6c4f7b774691b516a2fa70dbfdaf691acb7f6dcc7f462d8dd11ef759baca435b94ba6bac0762d8240796a9f36beceac1808975d3dfc2a7adbdfc3b8f20be9541
- SSDEEP
  
  1536:++lcoSU7DpPLLmo/7boC0q96fjDzRKfBhc3qfO01nILWmnt+D7Fe:++lcoSspPDboC0q9eDzRwQ3b0ot+Fe
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy