sality | 48dba77f71d93d46d8b83b02100224550db869963180f0574ddecd5ce62500d8 | Triage

Sharing

General

Target

NEAS.71c3584ac1a2ee104225ecc55f81c9c0.exe
Size

409KB
Sample

231014-wkkpnabh2t
MD5

71c3584ac1a2ee104225ecc55f81c9c0
SHA1

a866f3a765befa06c3396971f87020f167ab51ef
SHA256

48dba77f71d93d46d8b83b02100224550db869963180f0574ddecd5ce62500d8
SHA512

784f902984ccfc425d434d53bc9482428e4775ef86c50faca31604b37c7407221a8e3fb0b765dab57f5ffb2d34d0de7a14396242cdd7626358e47f6443b0bbfa
SSDEEP

6144:m+YUO6e/fC+4L6gzEv04qAOkalGCYMe3PgPiIyoFr5BOJhGJHy3:d5ONq+4+gzw04qC7Mef0i5ar5BrHy3

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  NEAS.71c3584ac1a2ee104225ecc55f81c9c0.exe
- Size
  
  409KB
- MD5
  
  71c3584ac1a2ee104225ecc55f81c9c0
- SHA1
  
  a866f3a765befa06c3396971f87020f167ab51ef
- SHA256
  
  48dba77f71d93d46d8b83b02100224550db869963180f0574ddecd5ce62500d8
- SHA512
  
  784f902984ccfc425d434d53bc9482428e4775ef86c50faca31604b37c7407221a8e3fb0b765dab57f5ffb2d34d0de7a14396242cdd7626358e47f6443b0bbfa
- SSDEEP
  
  6144:m+YUO6e/fC+4L6gzEv04qAOkalGCYMe3PgPiIyoFr5BOJhGJHy3:d5ONq+4+gzw04qC7Mef0i5ar5BrHy3
Score

10^/10

sality backdoor upx evasion trojan
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorupx

behavioral2

salitybackdoorevasiontrojanupx