sality | 37fa656e253f8b09326525d3df9c198b36184dab9310d23a13b8cdf0dc4222a3 | Triage

Submit
Reports

Overview

overview

Static

static

3

260ab996b2...cs.dll

windows7-x64

260ab996b2...cs.dll

windows10-2004-x64

Sharing

General

Target

260ab996b2fdbd6b2d66e8cb1ba2a570_NeikiAnalytics.exe
Size

120KB
Sample

240527-243bpsde3z
MD5

260ab996b2fdbd6b2d66e8cb1ba2a570
SHA1

313d989bd154963fa6160e56c3449d92aae5c182
SHA256

37fa656e253f8b09326525d3df9c198b36184dab9310d23a13b8cdf0dc4222a3
SHA512

69bb877366cc97e68f32332674af46b1ccb3f35aacc3806dac6071c5a037d34242b830eee6aa442456cd1617ea1cb9eed010955cbfb45f3257e96a75707ec178
SSDEEP

1536:68xs7FcFqqV05nbn4RGymMU7yAyIhDUEsmdXDAvLZ6f5T8A+oKxue0kMDLPLjLI+:rD+4DgyAZDR2Z6fp8A5DL7s1b

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

260ab996b2fdbd6b2d66e8cb1ba2a570_NeikiAnalytics.dll

Resource

win7-20240221-en

sality backdoor evasion trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

260ab996b2fdbd6b2d66e8cb1ba2a570_NeikiAnalytics.dll

Resource

win10v2004-20240508-en

sality backdoor evasion trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  260ab996b2fdbd6b2d66e8cb1ba2a570_NeikiAnalytics.exe
- Size
  
  120KB
- MD5
  
  260ab996b2fdbd6b2d66e8cb1ba2a570
- SHA1
  
  313d989bd154963fa6160e56c3449d92aae5c182
- SHA256
  
  37fa656e253f8b09326525d3df9c198b36184dab9310d23a13b8cdf0dc4222a3
- SHA512
  
  69bb877366cc97e68f32332674af46b1ccb3f35aacc3806dac6071c5a037d34242b830eee6aa442456cd1617ea1cb9eed010955cbfb45f3257e96a75707ec178
- SSDEEP
  
  1536:68xs7FcFqqV05nbn4RGymMU7yAyIhDUEsmdXDAvLZ6f5T8A+oKxue0kMDLPLjLI+:rD+4DgyAZDR2Z6fp8A5DL7s1b
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy