sality | ca30d8ed477161e87f81bc80c3f66be28358d3d44f0d62716f55fcde4481ab61 | Triage

Submit
Reports

Overview

overview

Static

static

3

ca30d8ed47...61.exe

windows10-1703-x64

Resubmissions

17-05-2024 23:39

240517-3nca1shb6v 10

31-03-2024 18:02

240331-wmf49agc61 10

31-03-2024 17:58

240331-wkbrragc21 10

Sharing

General

Target

ca30d8ed477161e87f81bc80c3f66be28358d3d44f0d62716f55fcde4481ab61
Size

754KB
Sample

240517-3nca1shb6v
MD5

f1fdda86a94e2d1abbd244089d73752f
SHA1

70f8defd6b861717142d7db8a1fe2be6a34a5b13
SHA256

ca30d8ed477161e87f81bc80c3f66be28358d3d44f0d62716f55fcde4481ab61
SHA512

6a4fb99c397b55a61be466f52a83dd9fade0e022f5cd3cdb18411069cea6b0f2ae85f980555e62b710955ce1083ed11377c2bcce495f6a6012dd3e2b4325f18c
SSDEEP

6144:VQM3xHba9C4q/HVF7eHpnTHzJEWyLBMRJDL+gpFfD2l9pAZcXXkqD:V3x7a9a8HdPjX+gpFfDO0+XX

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ca30d8ed477161e87f81bc80c3f66be28358d3d44f0d62716f55fcde4481ab61.exe

Resource

win10-20240404-en

sality backdoor evasion trojan upx

windows10-1703-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  ca30d8ed477161e87f81bc80c3f66be28358d3d44f0d62716f55fcde4481ab61
- Size
  
  754KB
- MD5
  
  f1fdda86a94e2d1abbd244089d73752f
- SHA1
  
  70f8defd6b861717142d7db8a1fe2be6a34a5b13
- SHA256
  
  ca30d8ed477161e87f81bc80c3f66be28358d3d44f0d62716f55fcde4481ab61
- SHA512
  
  6a4fb99c397b55a61be466f52a83dd9fade0e022f5cd3cdb18411069cea6b0f2ae85f980555e62b710955ce1083ed11377c2bcce495f6a6012dd3e2b4325f18c
- SSDEEP
  
  6144:VQM3xHba9C4q/HVF7eHpnTHzJEWyLBMRJDL+gpFfD2l9pAZcXXkqD:V3x7a9a8HdPjX+gpFfDO0+XX
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy