sality | 4799c885ad4dceb723cd8c62cd805a95069dece0f40c82b27fd4251034ad441e | Triage

Sharing

General

Target

00c35eae5947a908048df221e7d18571_JaffaCakes118
Size

101KB
Sample

240619-1ycy7ateme
MD5

00c35eae5947a908048df221e7d18571
SHA1

f9900c27f1ac6bdd0de4bffc12b46586e7eb7886
SHA256

4799c885ad4dceb723cd8c62cd805a95069dece0f40c82b27fd4251034ad441e
SHA512

abe294b43a11c90cad6b5b3d2bb2697633ec7458d22d2203fcb71e429c6b11cec3a52b16e40381c1e7bdd92636418247d831aa5e24d2d6c9d795cc052804e2ff
SSDEEP

1536:j2BaFh4CmIqXwMBUl3udhzl9J+Bt9eFk2IR+KsVQqQcqs3C7ADhlS3z3rYLA:jHFWChXyb9J+BQbJVXQcrurEA

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  00c35eae5947a908048df221e7d18571_JaffaCakes118
- Size
  
  101KB
- MD5
  
  00c35eae5947a908048df221e7d18571
- SHA1
  
  f9900c27f1ac6bdd0de4bffc12b46586e7eb7886
- SHA256
  
  4799c885ad4dceb723cd8c62cd805a95069dece0f40c82b27fd4251034ad441e
- SHA512
  
  abe294b43a11c90cad6b5b3d2bb2697633ec7458d22d2203fcb71e429c6b11cec3a52b16e40381c1e7bdd92636418247d831aa5e24d2d6c9d795cc052804e2ff
- SSDEEP
  
  1536:j2BaFh4CmIqXwMBUl3udhzl9J+Bt9eFk2IR+KsVQqQcqs3C7ADhlS3z3rYLA:jHFWChXyb9J+BQbJVXQcrurEA
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Deletes itself
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Abuse Elevation Control Mechanism

Bypass User Account Control

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx