sality | 5b06f9eeea254d0b4f1077e89775a1853f94aa918edc0d5bd5b5f99512ab469e | Triage

Submit
Reports

Overview

overview

Static

static

8

5b06f9eeea...9e.exe

windows7-x64

5b06f9eeea...9e.exe

windows10-2004-x64

Sharing

General

Target

5b06f9eeea254d0b4f1077e89775a1853f94aa918edc0d5bd5b5f99512ab469e
Size

1.7MB
Sample

221127-xgtzlaee3z
MD5

fa36f464100a56ab53f0c67253bfb761
SHA1

7f80097e5aa3fc5e77e8b36f27f0c525727c971b
SHA256

5b06f9eeea254d0b4f1077e89775a1853f94aa918edc0d5bd5b5f99512ab469e
SHA512

e0812d6a57a283d01898a8ebc30ad1893228ad49019d93313fa3da1e5b986015a622b7094f599ee04073731b6fcb367cfac90e936ce4328cc8d261ffd41b88f1
SSDEEP

49152:eLkqdDZqCgICMSO3DDVnPuZm+pSqrYXs+DKtaf:eLLVZqCgIChSDVPSm+MO4Dnf

Score

10^/10

sality aspackv2 backdoor evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5b06f9eeea254d0b4f1077e89775a1853f94aa918edc0d5bd5b5f99512ab469e.exe

Resource

win7-20220812-en

sality aspackv2 backdoor evasion trojan upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

5b06f9eeea254d0b4f1077e89775a1853f94aa918edc0d5bd5b5f99512ab469e.exe

Resource

win10v2004-20220812-en

sality aspackv2 backdoor evasion trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  5b06f9eeea254d0b4f1077e89775a1853f94aa918edc0d5bd5b5f99512ab469e
- Size
  
  1.7MB
- MD5
  
  fa36f464100a56ab53f0c67253bfb761
- SHA1
  
  7f80097e5aa3fc5e77e8b36f27f0c525727c971b
- SHA256
  
  5b06f9eeea254d0b4f1077e89775a1853f94aa918edc0d5bd5b5f99512ab469e
- SHA512
  
  e0812d6a57a283d01898a8ebc30ad1893228ad49019d93313fa3da1e5b986015a622b7094f599ee04073731b6fcb367cfac90e936ce4328cc8d261ffd41b88f1
- SSDEEP
  
  49152:eLkqdDZqCgICMSO3DDVnPuZm+pSqrYXs+DKtaf:eLLVZqCgIChSDVPSm+MO4Dnf
Score

10^/10

sality aspackv2 backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Drops file in Drivers directory
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

salityaspackv2backdoorevasiontrojanupx

behavioral2

salityaspackv2backdoorevasiontrojanupx

© 2018-2024

Terms | Privacy