sality | 4b934e96f67c7eb934962d10c9c71c5c2c28a1737779c337b3310dcdc7473c73 | Triage

Submit
Reports

Overview

overview

Static

static

3

ceeb610e15...cs.exe

windows7-x64

ceeb610e15...cs.exe

windows10-2004-x64

Sharing

General

Target

ceeb610e15af1d068e87bea002f4b360_NeikiAnalytics.exe
Size

65KB
Sample

240517-jawyqafe2z
MD5

ceeb610e15af1d068e87bea002f4b360
SHA1

50a355388759982f98a419dade3dac7f1e6c8657
SHA256

4b934e96f67c7eb934962d10c9c71c5c2c28a1737779c337b3310dcdc7473c73
SHA512

f6a27ff2d2209ec726a571a1299bc9f53f4482bf29d41f78f52fbfdaa387a6c6219e31f164c23fbcfffc90f0b84f83621b446e698df702b8711ba7630a24cf08
SSDEEP

1536:/KdDNqdRPJNVtl+Pqxe5kqo+CEMA9ZvQHVerKBOnDvOEdCH88tX:/KhNAJ5Ki8ktFA9ZvGgGOD2EdL8tX

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ceeb610e15af1d068e87bea002f4b360_NeikiAnalytics.exe

Resource

win7-20240221-en

sality backdoor evasion trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ceeb610e15af1d068e87bea002f4b360_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

sality backdoor evasion trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  ceeb610e15af1d068e87bea002f4b360_NeikiAnalytics.exe
- Size
  
  65KB
- MD5
  
  ceeb610e15af1d068e87bea002f4b360
- SHA1
  
  50a355388759982f98a419dade3dac7f1e6c8657
- SHA256
  
  4b934e96f67c7eb934962d10c9c71c5c2c28a1737779c337b3310dcdc7473c73
- SHA512
  
  f6a27ff2d2209ec726a571a1299bc9f53f4482bf29d41f78f52fbfdaa387a6c6219e31f164c23fbcfffc90f0b84f83621b446e698df702b8711ba7630a24cf08
- SSDEEP
  
  1536:/KdDNqdRPJNVtl+Pqxe5kqo+CEMA9ZvQHVerKBOnDvOEdCH88tX:/KhNAJ5Ki8ktFA9ZvGgGOD2EdL8tX
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy