sality | c3fe46e09eb21374268a1adb9ae5d71f181172e7a974850019ae1fc5a813b575 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1614f1a72709194bf0085400e9b11cb0N.exe
Size

228KB
Sample

240712-3t6f2swejn
MD5

1614f1a72709194bf0085400e9b11cb0
SHA1

68b63e8212c56c01a170c20ca02c82c7e280559a
SHA256

c3fe46e09eb21374268a1adb9ae5d71f181172e7a974850019ae1fc5a813b575
SHA512

e2915f3cfdc05b654557f0911a77dabf66bb821d55e2dc250f39df19066e8dc892bd0a9d29e875ee9418f8c9278315c5980569831a47ddd72a009007584b91d4
SSDEEP

3072:hwzvOYRr5YP/aKavT/DvbEvK9aobNI2B+hlsfni3YGByThXKBZkZN4GhQ2eRZh+k:iriP/aK2h9H/B+r4GCQfoXhDJmyG

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  1614f1a72709194bf0085400e9b11cb0N.exe
- Size
  
  228KB
- MD5
  
  1614f1a72709194bf0085400e9b11cb0
- SHA1
  
  68b63e8212c56c01a170c20ca02c82c7e280559a
- SHA256
  
  c3fe46e09eb21374268a1adb9ae5d71f181172e7a974850019ae1fc5a813b575
- SHA512
  
  e2915f3cfdc05b654557f0911a77dabf66bb821d55e2dc250f39df19066e8dc892bd0a9d29e875ee9418f8c9278315c5980569831a47ddd72a009007584b91d4
- SSDEEP
  
  3072:hwzvOYRr5YP/aKavT/DvbEvK9aobNI2B+hlsfni3YGByThXKBZkZN4GhQ2eRZh+k:iriP/aK2h9H/B+r4GCQfoXhDJmyG
Score

10^/10

sality backdoor upx evasion trojan
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorupx

behavioral2

salitybackdoorevasiontrojanupx