sality | bb8f466cf32dec9c0637ac072d042bf36dd7cc3a0dadef8fbfe71b6a5e9127ac | Triage

Sharing

General

Target

bb8f466cf32dec9c0637ac072d042bf36dd7cc3a0dadef8fbfe71b6a5e9127ac
Size

265KB
Sample

240527-pblf9sbb4y
MD5

ef10528c63cea689df9e1dffc659b1be
SHA1

2ef939e803017691d096be072f319bb3d195f8e0
SHA256

bb8f466cf32dec9c0637ac072d042bf36dd7cc3a0dadef8fbfe71b6a5e9127ac
SHA512

22a636cbb9d3dbb9d91fd926d0e68b66b65f00135efad045db47693cb599f6daf132439b3d6ffda3e1c1b13b6eaad14980df7fc805c0aeac96e689e1910071b2
SSDEEP

3072:0HrfzYYc6X/YeW4l/DReos0gXf+EvC6C36eCWdMuoB+s6LRCkuB9N3iQzFXf8qUm:IAcl/DRfkTC3dM7B+mCjSaLxgMs+qH

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  bb8f466cf32dec9c0637ac072d042bf36dd7cc3a0dadef8fbfe71b6a5e9127ac
- Size
  
  265KB
- MD5
  
  ef10528c63cea689df9e1dffc659b1be
- SHA1
  
  2ef939e803017691d096be072f319bb3d195f8e0
- SHA256
  
  bb8f466cf32dec9c0637ac072d042bf36dd7cc3a0dadef8fbfe71b6a5e9127ac
- SHA512
  
  22a636cbb9d3dbb9d91fd926d0e68b66b65f00135efad045db47693cb599f6daf132439b3d6ffda3e1c1b13b6eaad14980df7fc805c0aeac96e689e1910071b2
- SSDEEP
  
  3072:0HrfzYYc6X/YeW4l/DReos0gXf+EvC6C36eCWdMuoB+s6LRCkuB9N3iQzFXf8qUm:IAcl/DRfkTC3dM7B+mCjSaLxgMs+qH
Score

10^/10

sality backdoor upx evasion trojan
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorupx

behavioral2

salitybackdoorevasiontrojanupx