sality | 84051e329589ab9f7477881ce83eff030fdf9aef25cc218ed8d204498c71d630 | Triage

Sharing

General

Target

84051e329589ab9f7477881ce83eff030fdf9aef25cc218ed8d204498c71d630
Size

2.3MB
Sample

240518-j7ka7abd4t
MD5

afc9983c53cb1cf1499744e352d55495
SHA1

def7a0a8fe04e85b78784f2bf4085b4336f87e5b
SHA256

84051e329589ab9f7477881ce83eff030fdf9aef25cc218ed8d204498c71d630
SHA512

ebde26f7244388f745ead564445b460cb7cc2dfc2162ed16fabc1eff7bbadcd77ea4f29de17c1ac20c2aaf04252d373aafe91861a5a7827c57157dc4dcd8ab2c
SSDEEP

49152:JvggggMYMb0aDsQ1FTw5GbFp0whdZSjYKP/hVY7kXE7PO:JUb0aDfssbFpbUYghO

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  84051e329589ab9f7477881ce83eff030fdf9aef25cc218ed8d204498c71d630
- Size
  
  2.3MB
- MD5
  
  afc9983c53cb1cf1499744e352d55495
- SHA1
  
  def7a0a8fe04e85b78784f2bf4085b4336f87e5b
- SHA256
  
  84051e329589ab9f7477881ce83eff030fdf9aef25cc218ed8d204498c71d630
- SHA512
  
  ebde26f7244388f745ead564445b460cb7cc2dfc2162ed16fabc1eff7bbadcd77ea4f29de17c1ac20c2aaf04252d373aafe91861a5a7827c57157dc4dcd8ab2c
- SSDEEP
  
  49152:JvggggMYMb0aDsQ1FTw5GbFp0whdZSjYKP/hVY7kXE7PO:JUb0aDfssbFpbUYghO
Score

10^/10

sality backdoor upx evasion trojan
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

salitybackdoorupx

behavioral2

salitybackdoorevasiontrojanupx