sality | 5121161804999ee3c3e2f74c91c1e44ab461319ac0b060e477f73565689eedc8 | Triage

Submit
Reports

Overview

overview

Static

static

5121161804...c8.exe

windows7-x64

3

5121161804...c8.exe

windows10-2004-x64

Sharing

General

Target

5121161804999ee3c3e2f74c91c1e44ab461319ac0b060e477f73565689eedc8
Size

124KB
Sample

221128-xz2gdsac75
MD5

5400d56735075bea117d21301912e590
SHA1

a397b6007ba527322e6932104a0aa6cba3e598ec
SHA256

5121161804999ee3c3e2f74c91c1e44ab461319ac0b060e477f73565689eedc8
SHA512

ba0737e3258d51f693242a06e222d1fe92cb4378aa6493f1f7450785eded092fbc124d3c92c0caa8181631d71877b29dbf22eb98c3948aa6a8b957fb8dfac724
SSDEEP

1536:8ZmDK0gw2f24EgRKzBocDliyuhSMN2PtrwDdZIMhYxZX3Ek88wjlp:imiwXdgw6cDEygcUdm0Y31k

Score

10^/10

sality backdoor evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

5121161804999ee3c3e2f74c91c1e44ab461319ac0b060e477f73565689eedc8.exe

Resource

win7-20221111-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

5121161804999ee3c3e2f74c91c1e44ab461319ac0b060e477f73565689eedc8.exe

Resource

win10v2004-20221111-en

sality backdoor evasion persistence trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  5121161804999ee3c3e2f74c91c1e44ab461319ac0b060e477f73565689eedc8
- Size
  
  124KB
- MD5
  
  5400d56735075bea117d21301912e590
- SHA1
  
  a397b6007ba527322e6932104a0aa6cba3e598ec
- SHA256
  
  5121161804999ee3c3e2f74c91c1e44ab461319ac0b060e477f73565689eedc8
- SHA512
  
  ba0737e3258d51f693242a06e222d1fe92cb4378aa6493f1f7450785eded092fbc124d3c92c0caa8181631d71877b29dbf22eb98c3948aa6a8b957fb8dfac724
- SSDEEP
  
  1536:8ZmDK0gw2f24EgRKzBocDliyuhSMN2PtrwDdZIMhYxZX3Ek88wjlp:imiwXdgw6cDEygcUdm0Y31k
Score

10^/10

sality backdoor evasion persistence trojan upx
- Modifies visibility of file extensions in Explorer
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Hidden Files and Directories

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy