sality | e696d43d3f37e1f007559b19733d86fa48e57f5f327dd024313dab38271d30a4 | Triage

Submit
Reports

Overview

overview

Static

static

3

1f61fab5db...cs.exe

windows7-x64

1f61fab5db...cs.exe

windows10-2004-x64

Sharing

General

Target

1f61fab5db3a78a214f4b48ddd779c00_NeikiAnalytics.exe
Size

1.4MB
Sample

240616-3sfh8syarl
MD5

1f61fab5db3a78a214f4b48ddd779c00
SHA1

9dd9fdebcbd39caf571c4d89878f663139c3d110
SHA256

e696d43d3f37e1f007559b19733d86fa48e57f5f327dd024313dab38271d30a4
SHA512

1b9e0481edead29a0c3f621f34c6f8c75243172e12b836c040cc2c1381dda5907bae979bc5342bda5ff1419e754ac4ebc01a6e68d7a53ba7beb1ea4567e3399e
SSDEEP

24576:3qY9a3CgN5msCQXxWO+m9SO44g9q60gGxSFnlihNhZut0xknSSlFutisu:3l9A/CQhYDOrgyLglAnk0KRlF6o

Score

10^/10

sality backdoor bootkit evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1f61fab5db3a78a214f4b48ddd779c00_NeikiAnalytics.exe

Resource

win7-20240611-en

sality backdoor bootkit evasion persistence trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f61fab5db3a78a214f4b48ddd779c00_NeikiAnalytics.exe

Resource

win10v2004-20240611-en

sality backdoor bootkit evasion persistence trojan upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  1f61fab5db3a78a214f4b48ddd779c00_NeikiAnalytics.exe
- Size
  
  1.4MB
- MD5
  
  1f61fab5db3a78a214f4b48ddd779c00
- SHA1
  
  9dd9fdebcbd39caf571c4d89878f663139c3d110
- SHA256
  
  e696d43d3f37e1f007559b19733d86fa48e57f5f327dd024313dab38271d30a4
- SHA512
  
  1b9e0481edead29a0c3f621f34c6f8c75243172e12b836c040cc2c1381dda5907bae979bc5342bda5ff1419e754ac4ebc01a6e68d7a53ba7beb1ea4567e3399e
- SSDEEP
  
  24576:3qY9a3CgN5msCQXxWO+m9SO44g9q60gGxSFnlihNhZut0xknSSlFutisu:3l9A/CQhYDOrgyLglAnk0KRlF6o
Score

10^/10

sality backdoor bootkit evasion persistence trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Pre-OS Boot

Bootkit

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

salitybackdoorbootkitevasionpersistencetrojanupx

behavioral2

salitybackdoorbootkitevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy