sality | 93bd41bde4b05517d74e9203e2b4eabd19b0b00311103171d10ee74257660103 | Triage

Submit
Reports

Overview

overview

Static

static

3

b266b43791...cs.exe

windows7-x64

b266b43791...cs.exe

windows10-2004-x64

Sharing

General

Target

b266b43791026c6718e36de3d1c3e670_NeikiAnalytics.exe
Size

1.8MB
Sample

240523-fwgjdaeh46
MD5

b266b43791026c6718e36de3d1c3e670
SHA1

53e298fb5aac31f0430c78a9a16465313d23c68a
SHA256

93bd41bde4b05517d74e9203e2b4eabd19b0b00311103171d10ee74257660103
SHA512

2648728c9f4e98886990474c9f1c2a3d6ac1b51f8b01d841714c6051cdf66a95fce387f02b902b6e39f231acb29ed93d2754c4c1c8b0ec113c024340ca07f5a7
SSDEEP

24576:MddVtTj2i6OedT+jdxQCfgOFD3WSwd2QtBBw6xxhVxQtmibjOhZaiRu/4oMaop0A:6bTCrgxKCnFnQXBbrtgb/iQvu0UHOaT

Score

10^/10

sality backdoor evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b266b43791026c6718e36de3d1c3e670_NeikiAnalytics.exe

Resource

win7-20240221-en

sality backdoor evasion trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

b266b43791026c6718e36de3d1c3e670_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

sality backdoor evasion persistence trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  b266b43791026c6718e36de3d1c3e670_NeikiAnalytics.exe
- Size
  
  1.8MB
- MD5
  
  b266b43791026c6718e36de3d1c3e670
- SHA1
  
  53e298fb5aac31f0430c78a9a16465313d23c68a
- SHA256
  
  93bd41bde4b05517d74e9203e2b4eabd19b0b00311103171d10ee74257660103
- SHA512
  
  2648728c9f4e98886990474c9f1c2a3d6ac1b51f8b01d841714c6051cdf66a95fce387f02b902b6e39f231acb29ed93d2754c4c1c8b0ec113c024340ca07f5a7
- SSDEEP
  
  24576:MddVtTj2i6OedT+jdxQCfgOFD3WSwd2QtBBw6xxhVxQtmibjOhZaiRu/4oMaop0A:6bTCrgxKCnFnQXBbrtgb/iQvu0UHOaT
Score

10^/10

sality backdoor evasion trojan upx persistence
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy