sality | 3a8471c413d01355761157dd92c7cc860d01856d5f8e4e09c1522447f1a93da5 | Triage

Sharing

General

Target

55c98514b01b970c1a216fd73ce5f400_NeikiAnalytics.exe
Size

819KB
Sample

240608-pmj3ksbf3t
MD5

55c98514b01b970c1a216fd73ce5f400
SHA1

6d03949535f4145e3d80780cac005053048618e1
SHA256

3a8471c413d01355761157dd92c7cc860d01856d5f8e4e09c1522447f1a93da5
SHA512

e8486f3062362c76e3e93790c77767542d85cfa64bb03f4cda4ea201722b9ba9cf63bff4e93d0e373314424b9626a5b0b7036ec0d7f093a7ea6a5a4016bd8ee1
SSDEEP

24576:97rzy0Xh9AbC7EOeBPOYMe3ercBRTWhKG:hrz1D7PIhleIB0hK

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  55c98514b01b970c1a216fd73ce5f400_NeikiAnalytics.exe
- Size
  
  819KB
- MD5
  
  55c98514b01b970c1a216fd73ce5f400
- SHA1
  
  6d03949535f4145e3d80780cac005053048618e1
- SHA256
  
  3a8471c413d01355761157dd92c7cc860d01856d5f8e4e09c1522447f1a93da5
- SHA512
  
  e8486f3062362c76e3e93790c77767542d85cfa64bb03f4cda4ea201722b9ba9cf63bff4e93d0e373314424b9626a5b0b7036ec0d7f093a7ea6a5a4016bd8ee1
- SSDEEP
  
  24576:97rzy0Xh9AbC7EOeBPOYMe3ercBRTWhKG:hrz1D7PIhleIB0hK
Score

10^/10

sality backdoor upx evasion trojan
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

salitybackdoorupx

behavioral2

salitybackdoorevasiontrojanupx