sality | 57ca6e9274725eb3a67a890366a2d94b9c660302be05961e12fa25dd1302fc63 | Triage

Sharing

General

Target

0b9f199a9c215c6e3a9c44ad7839cc8d
Size

381KB
Sample

231230-cxdmbseed5
MD5

0b9f199a9c215c6e3a9c44ad7839cc8d
SHA1

a4f427e217048484f793b9bd2da72e005c602c76
SHA256

57ca6e9274725eb3a67a890366a2d94b9c660302be05961e12fa25dd1302fc63
SHA512

55614f51a660953106454c7e55ae51beafe0c333a9294965ac4bc390ccd3454ead94f3f9beecad7bd9810ddae4a153f10ddc061b97b3bd460ef8ff5b2ec9ceae
SSDEEP

6144:0ZKlg1Vlhw/aAa1Zg30ZTNWSG6/7aDqWCn54YqcDe/5pXsGKLu8NKuPNcRSZ:020VlhganzrWSG6zzWC5kcDextmxKsNj

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  0b9f199a9c215c6e3a9c44ad7839cc8d
- Size
  
  381KB
- MD5
  
  0b9f199a9c215c6e3a9c44ad7839cc8d
- SHA1
  
  a4f427e217048484f793b9bd2da72e005c602c76
- SHA256
  
  57ca6e9274725eb3a67a890366a2d94b9c660302be05961e12fa25dd1302fc63
- SHA512
  
  55614f51a660953106454c7e55ae51beafe0c333a9294965ac4bc390ccd3454ead94f3f9beecad7bd9810ddae4a153f10ddc061b97b3bd460ef8ff5b2ec9ceae
- SSDEEP
  
  6144:0ZKlg1Vlhw/aAa1Zg30ZTNWSG6/7aDqWCn54YqcDe/5pXsGKLu8NKuPNcRSZ:020VlhganzrWSG6zzWC5kcDextmxKsNj
Score

10^/10

sality backdoor evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasiontrojanupx