sality | c8411eb54a344a989a6ab71a27309f911267b410f39bb1208b1313bfd44893dd | Triage

Sharing

General

Target

NEAS.46a81a11f7d36c2d8dc5ed9a6182ccc0.exe
Size

154KB
Sample

231014-wgd3pshh4w
MD5

46a81a11f7d36c2d8dc5ed9a6182ccc0
SHA1

93d30d837390c8d84ee8563679e7f938f6b21114
SHA256

c8411eb54a344a989a6ab71a27309f911267b410f39bb1208b1313bfd44893dd
SHA512

46c73e815a52ff55fe26dbb038d29d8d7ea976d3712b85729e15fe1aefb7558d083eccafb909942508b1670f909d317473213876d7fd0c03912aca68bdc4304e
SSDEEP

3072:8D4JlU3G9inroLloqC+LwWWSJjRgYuOZVRRM:gnqS5+LwhSnsOfRRM

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  NEAS.46a81a11f7d36c2d8dc5ed9a6182ccc0.exe
- Size
  
  154KB
- MD5
  
  46a81a11f7d36c2d8dc5ed9a6182ccc0
- SHA1
  
  93d30d837390c8d84ee8563679e7f938f6b21114
- SHA256
  
  c8411eb54a344a989a6ab71a27309f911267b410f39bb1208b1313bfd44893dd
- SHA512
  
  46c73e815a52ff55fe26dbb038d29d8d7ea976d3712b85729e15fe1aefb7558d083eccafb909942508b1670f909d317473213876d7fd0c03912aca68bdc4304e
- SSDEEP
  
  3072:8D4JlU3G9inroLloqC+LwWWSJjRgYuOZVRRM:gnqS5+LwhSnsOfRRM
Score

10^/10

sality backdoor evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasiontrojanupx