sality | 1ae6043a56d6e6072c221e0139f13f1dc95711b3c525a4ec615f6b7871c7051b | Triage

Sharing

General

Target

44fb4f3bdb2fcbb4f7374003d6eb4d62_JaffaCakes118
Size

227KB
Sample

240714-jy5wjasemk
MD5

44fb4f3bdb2fcbb4f7374003d6eb4d62
SHA1

07d160bc8bd4839152bae605d141015c892cb4cd
SHA256

1ae6043a56d6e6072c221e0139f13f1dc95711b3c525a4ec615f6b7871c7051b
SHA512

d6df7e4507b2d1bc29391e02ded6ca43f07548b1b9f9b5056ee8ff3beec03f80a85030c6bbe8d40973b388a8d32e3ccb7f76d0764016fdb324da45dd32a6cc93
SSDEEP

6144:0HP7/GdouNeZrrfWVLCutLOYfNMtlTbphD:0HbG6uElreVLCu1dolPX

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  44fb4f3bdb2fcbb4f7374003d6eb4d62_JaffaCakes118
- Size
  
  227KB
- MD5
  
  44fb4f3bdb2fcbb4f7374003d6eb4d62
- SHA1
  
  07d160bc8bd4839152bae605d141015c892cb4cd
- SHA256
  
  1ae6043a56d6e6072c221e0139f13f1dc95711b3c525a4ec615f6b7871c7051b
- SHA512
  
  d6df7e4507b2d1bc29391e02ded6ca43f07548b1b9f9b5056ee8ff3beec03f80a85030c6bbe8d40973b388a8d32e3ccb7f76d0764016fdb324da45dd32a6cc93
- SSDEEP
  
  6144:0HP7/GdouNeZrrfWVLCutLOYfNMtlTbphD:0HbG6uElreVLCu1dolPX
Score

10^/10

sality backdoor upx evasion trojan
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorupx

behavioral2

salitybackdoorevasiontrojanupx