sality | a1fa405e15cbdf1b3dd7247d5a708b9d8e62ade764a9df7b9075fbbe14dcb71d | Triage

Submit
Reports

Overview

overview

Static

static

3

a1fa405e15...1d.exe

windows7-x64

a1fa405e15...1d.exe

windows10-2004-x64

Sharing

General

Target

a1fa405e15cbdf1b3dd7247d5a708b9d8e62ade764a9df7b9075fbbe14dcb71d
Size

1.3MB
Sample

240518-cv59kafh79
MD5

780331c1ca6bb5df11eff07d0e2ae963
SHA1

dd6d3f3d8367b9a8cbecfe2b5839c542caea7225
SHA256

a1fa405e15cbdf1b3dd7247d5a708b9d8e62ade764a9df7b9075fbbe14dcb71d
SHA512

229d70fab70a26d01109c0d56eebc28b7bc71c7410d14356e2309b97c9cc7222677ced289c26c9072145dfa04b54fd7dac06a0de34a58cde62a790d391ea4f8c
SSDEEP

24576:X7ZNQ1pZtDtfu67T8a+SHDy45m5ZbHNYG4k2EV2ynovuTGn7QWxxdALx:X7ZNQ1pZDuOTLHhs/pV2yn7TG7ZRAd

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a1fa405e15cbdf1b3dd7247d5a708b9d8e62ade764a9df7b9075fbbe14dcb71d.exe

Resource

win7-20240221-en

sality backdoor evasion trojan upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

a1fa405e15cbdf1b3dd7247d5a708b9d8e62ade764a9df7b9075fbbe14dcb71d.exe

Resource

win10v2004-20240226-en

sality backdoor evasion trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  a1fa405e15cbdf1b3dd7247d5a708b9d8e62ade764a9df7b9075fbbe14dcb71d
- Size
  
  1.3MB
- MD5
  
  780331c1ca6bb5df11eff07d0e2ae963
- SHA1
  
  dd6d3f3d8367b9a8cbecfe2b5839c542caea7225
- SHA256
  
  a1fa405e15cbdf1b3dd7247d5a708b9d8e62ade764a9df7b9075fbbe14dcb71d
- SHA512
  
  229d70fab70a26d01109c0d56eebc28b7bc71c7410d14356e2309b97c9cc7222677ced289c26c9072145dfa04b54fd7dac06a0de34a58cde62a790d391ea4f8c
- SSDEEP
  
  24576:X7ZNQ1pZtDtfu67T8a+SHDy45m5ZbHNYG4k2EV2ynovuTGn7QWxxdALx:X7ZNQ1pZDuOTLHhs/pV2yn7TG7ZRAd
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy