sality | 8a17714c0f54562ee6c3a45c6aaf15849b85e811b3013ecbed151a7d3f853bf5 | Triage

Submit
Reports

Overview

overview

Static

static

3

5f27dba2c6...cs.dll

windows7-x64

5f27dba2c6...cs.dll

windows10-2004-x64

Sharing

General

Target

5f27dba2c62db27fa47a0c2689d85d10_NeikiAnalytics.exe
Size

120KB
Sample

240519-dns64afd3x
MD5

5f27dba2c62db27fa47a0c2689d85d10
SHA1

6b0dc4f2c5b35708e624252bc6df81f57e31fab0
SHA256

8a17714c0f54562ee6c3a45c6aaf15849b85e811b3013ecbed151a7d3f853bf5
SHA512

43674c2ccbceb70b66371b5f102eaf757a56f23b43588b42900e28e525505a858bcb087885ab2579a1c81620e9c190b82a5568e2596894ecefdcce95a5565da0
SSDEEP

1536:4Qyf7gV5kFNHRth7fU0xrz3BHQM7HRRjF6/NDjkGqntJ9EM2cquQ/T3nQm:4QyseF1/ZU0B35rw5kGqtJW3n

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5f27dba2c62db27fa47a0c2689d85d10_NeikiAnalytics.dll

Resource

win7-20240221-en

sality backdoor evasion trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

5f27dba2c62db27fa47a0c2689d85d10_NeikiAnalytics.dll

Resource

win10v2004-20240508-en

sality backdoor evasion trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  5f27dba2c62db27fa47a0c2689d85d10_NeikiAnalytics.exe
- Size
  
  120KB
- MD5
  
  5f27dba2c62db27fa47a0c2689d85d10
- SHA1
  
  6b0dc4f2c5b35708e624252bc6df81f57e31fab0
- SHA256
  
  8a17714c0f54562ee6c3a45c6aaf15849b85e811b3013ecbed151a7d3f853bf5
- SHA512
  
  43674c2ccbceb70b66371b5f102eaf757a56f23b43588b42900e28e525505a858bcb087885ab2579a1c81620e9c190b82a5568e2596894ecefdcce95a5565da0
- SSDEEP
  
  1536:4Qyf7gV5kFNHRth7fU0xrz3BHQM7HRRjF6/NDjkGqntJ9EM2cquQ/T3nQm:4QyseF1/ZU0B35rw5kGqtJW3n
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy