sality | 436846c3db0247c2dc898bbdff318cde6d206733d9e3004f9c1abadba1afb3c3 | Triage

Sharing

General

Target

9f687e52ac47b3d6a51d43b833348400_NeikiAnalytics.exe
Size

159KB
Sample

240614-d8zvdatfnc
MD5

9f687e52ac47b3d6a51d43b833348400
SHA1

5dfd3b8930edb72d875d4e8e2cd9cc1f8ffa628c
SHA256

436846c3db0247c2dc898bbdff318cde6d206733d9e3004f9c1abadba1afb3c3
SHA512

50aec71b5d94d977bff132ae017f2734e2fa7f5d8fb6c3792189ce370e274274446b28cb9a409de35e73fbe5db6ced75ab0a63affd9f0d2686d77e8473ae2243
SSDEEP

3072:Z5dnu0W5ZyYi+KpM6TWkrtGGF4v+QLfDP/CEINkt0xFgYNz6Y:5nxIZhKp1jFX4D8gO6Y

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  9f687e52ac47b3d6a51d43b833348400_NeikiAnalytics.exe
- Size
  
  159KB
- MD5
  
  9f687e52ac47b3d6a51d43b833348400
- SHA1
  
  5dfd3b8930edb72d875d4e8e2cd9cc1f8ffa628c
- SHA256
  
  436846c3db0247c2dc898bbdff318cde6d206733d9e3004f9c1abadba1afb3c3
- SHA512
  
  50aec71b5d94d977bff132ae017f2734e2fa7f5d8fb6c3792189ce370e274274446b28cb9a409de35e73fbe5db6ced75ab0a63affd9f0d2686d77e8473ae2243
- SSDEEP
  
  3072:Z5dnu0W5ZyYi+KpM6TWkrtGGF4v+QLfDP/CEINkt0xFgYNz6Y:5nxIZhKp1jFX4D8gO6Y
Score

10^/10

sality backdoor upx evasion trojan
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorupx

behavioral2

salitybackdoorevasiontrojanupx