sality | 217a14cb89747af8b078778f558accdb0af75cca886525b8e275249ce73204b7 | Triage

Sharing

General

Target

2e45e05ad9c5ee45445c2f7850a44360_NeikiAnalytics
Size

84KB
Sample

240511-x25ltsgc63
MD5

2e45e05ad9c5ee45445c2f7850a44360
SHA1

3c133d59568dbcb0cd79055638c4ff09583a6b31
SHA256

217a14cb89747af8b078778f558accdb0af75cca886525b8e275249ce73204b7
SHA512

e91be572591114f647b64109b9973283ed97ecc00e2fade30a5e81725b6e98494e7193a352e7c3dedc29bd1aa28e81e003c2b34641d25c3aa10238b3638ffc60
SSDEEP

1536:Rlf2I00k/1uuR8zpzZlVIs4Afofk5b9J832LZmyrGJ:RlUR8pZzIa75bDe2Lr8

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  2e45e05ad9c5ee45445c2f7850a44360_NeikiAnalytics
- Size
  
  84KB
- MD5
  
  2e45e05ad9c5ee45445c2f7850a44360
- SHA1
  
  3c133d59568dbcb0cd79055638c4ff09583a6b31
- SHA256
  
  217a14cb89747af8b078778f558accdb0af75cca886525b8e275249ce73204b7
- SHA512
  
  e91be572591114f647b64109b9973283ed97ecc00e2fade30a5e81725b6e98494e7193a352e7c3dedc29bd1aa28e81e003c2b34641d25c3aa10238b3638ffc60
- SSDEEP
  
  1536:Rlf2I00k/1uuR8zpzZlVIs4Afofk5b9J832LZmyrGJ:RlUR8pZzIa75bDe2Lr8
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorupx