sality | 68eecc4390fa37b1b86daafdf9cc08fd512400313b08e5fd1379b91b4d117337 | Triage

Submit
Reports

Overview

overview

Static

static

3

68eecc4390...37.exe

windows7-x64

68eecc4390...37.exe

windows10-2004-x64

Sharing

General

Target

68eecc4390fa37b1b86daafdf9cc08fd512400313b08e5fd1379b91b4d117337
Size

65KB
Sample

240611-2x8j5svglf
MD5

0c9a83a8eb6cedfa06d350f8be25e5a5
SHA1

aa84034baed7c66a9fce79d4bdf87eb0f35cb63f
SHA256

68eecc4390fa37b1b86daafdf9cc08fd512400313b08e5fd1379b91b4d117337
SHA512

4afd5d8a80281761875aac7b1ffda8ce7e9bf29ded0bc649fa255b87f807503fe3371ca81f2f9f7596622b95d73078e7b587bf0dd5f7986c669811945c79b63a
SSDEEP

1536:UWZyUdwbTd1qfKnlWvM6i+YgaP+kSnssYil8VojsWF8NMhS2F:UTU6Oilg7Yb5SnfYil8xWF8NM42F

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

68eecc4390fa37b1b86daafdf9cc08fd512400313b08e5fd1379b91b4d117337.exe

Resource

win7-20240221-en

sality backdoor evasion trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

68eecc4390fa37b1b86daafdf9cc08fd512400313b08e5fd1379b91b4d117337.exe

Resource

win10v2004-20240426-en

sality backdoor evasion trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  68eecc4390fa37b1b86daafdf9cc08fd512400313b08e5fd1379b91b4d117337
- Size
  
  65KB
- MD5
  
  0c9a83a8eb6cedfa06d350f8be25e5a5
- SHA1
  
  aa84034baed7c66a9fce79d4bdf87eb0f35cb63f
- SHA256
  
  68eecc4390fa37b1b86daafdf9cc08fd512400313b08e5fd1379b91b4d117337
- SHA512
  
  4afd5d8a80281761875aac7b1ffda8ce7e9bf29ded0bc649fa255b87f807503fe3371ca81f2f9f7596622b95d73078e7b587bf0dd5f7986c669811945c79b63a
- SSDEEP
  
  1536:UWZyUdwbTd1qfKnlWvM6i+YgaP+kSnssYil8VojsWF8NMhS2F:UTU6Oilg7Yb5SnfYil8xWF8NM42F
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy