sality | 057350c26d31d44b937d5b3660759f45e717c22d30efbb388bc42f7f1ddef3a1 | Triage

Sharing

General

Target

00da45068f2e11b3638a9fe73377dabb_JaffaCakes118
Size

160KB
Sample

240619-19qdnayepr
MD5

00da45068f2e11b3638a9fe73377dabb
SHA1

3457d02155cdf48669cfd5c6aee1e7af6c8e87fa
SHA256

057350c26d31d44b937d5b3660759f45e717c22d30efbb388bc42f7f1ddef3a1
SHA512

afdd7976f61b5bf5318dcf86a0d124ca48ffbf1a178d31474d52437ec43225563aad2f29aae7a80d0a5301f831831f62a4921294ae5252e2b5f0e0a5c24ea68b
SSDEEP

3072:B/rEc2N6BxDZ1XTwI3l/JwFQhopQzTgPduetq/vlXuxe5ME+nVUr1:B/rEdN6d1DwI3wQ4mQdpwnl295S5

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  00da45068f2e11b3638a9fe73377dabb_JaffaCakes118
- Size
  
  160KB
- MD5
  
  00da45068f2e11b3638a9fe73377dabb
- SHA1
  
  3457d02155cdf48669cfd5c6aee1e7af6c8e87fa
- SHA256
  
  057350c26d31d44b937d5b3660759f45e717c22d30efbb388bc42f7f1ddef3a1
- SHA512
  
  afdd7976f61b5bf5318dcf86a0d124ca48ffbf1a178d31474d52437ec43225563aad2f29aae7a80d0a5301f831831f62a4921294ae5252e2b5f0e0a5c24ea68b
- SSDEEP
  
  3072:B/rEc2N6BxDZ1XTwI3l/JwFQhopQzTgPduetq/vlXuxe5ME+nVUr1:B/rEdN6d1DwI3wQ4mQdpwnl295S5
Score

10^/10

sality backdoor evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasiontrojanupx