sality | 737d7ee27ce62b5606970dd7564a55ce41dc49452a97952f62db482366f84631 | Triage

Sharing

General

Target

737d7ee27ce62b5606970dd7564a55ce41dc49452a97952f62db482366f84631
Size

1.9MB
Sample

231010-2nfsrsaa87
MD5

bf871679e38ef627c5affe87b35a4ac8
SHA1

b43830a588b1b7e53b4e5cdcc8167a6d65045d18
SHA256

737d7ee27ce62b5606970dd7564a55ce41dc49452a97952f62db482366f84631
SHA512

b2cc2556fe7209f3914137fc34eef982ef672474e80794dcd07732600821e98758744b1adf13a0bc10e292f56bc539ccb35ba23e07773792b4b27a0e44e3486d
SSDEEP

24576:kzbqLh//9lf8DUAbFHm3EUCQLj6NlguzlHTLTS+1FJXWg:AbKdg+0mLj4lF5TLT5z

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  737d7ee27ce62b5606970dd7564a55ce41dc49452a97952f62db482366f84631
- Size
  
  1.9MB
- MD5
  
  bf871679e38ef627c5affe87b35a4ac8
- SHA1
  
  b43830a588b1b7e53b4e5cdcc8167a6d65045d18
- SHA256
  
  737d7ee27ce62b5606970dd7564a55ce41dc49452a97952f62db482366f84631
- SHA512
  
  b2cc2556fe7209f3914137fc34eef982ef672474e80794dcd07732600821e98758744b1adf13a0bc10e292f56bc539ccb35ba23e07773792b4b27a0e44e3486d
- SSDEEP
  
  24576:kzbqLh//9lf8DUAbFHm3EUCQLj6NlguzlHTLTS+1FJXWg:AbKdg+0mLj4lF5TLT5z
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx