sality | d7e991e0d403124d6a948bdd21eb675b54f935e5535519a508fd6431a1d735a8 | Triage

Sharing

General

Target

59f88dbf99d2b197ff22c4b4a5b4b8c5_JaffaCakes118
Size

152KB
Sample

240719-b6q4caxbnl
MD5

59f88dbf99d2b197ff22c4b4a5b4b8c5
SHA1

c06f0778690bf70cfaa2ad5c2c525edbe49c9181
SHA256

d7e991e0d403124d6a948bdd21eb675b54f935e5535519a508fd6431a1d735a8
SHA512

4abbbe8059f7bedba33f7f8cce13692bfd779f04b9f7ccf91e75c69c5b7667e205af5220ff274b8a13193fb85010aa81059ed152cb0da6b6eff72b0d48fd57e4
SSDEEP

3072:zXHzLFuwl8mHFKW+nTvW9Zf1vUADBHrAlgAt3kS:7HzLFuwl8mHQPiWADZs3kS

Score

10^/10

sality backdoor evasion persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  59f88dbf99d2b197ff22c4b4a5b4b8c5_JaffaCakes118
- Size
  
  152KB
- MD5
  
  59f88dbf99d2b197ff22c4b4a5b4b8c5
- SHA1
  
  c06f0778690bf70cfaa2ad5c2c525edbe49c9181
- SHA256
  
  d7e991e0d403124d6a948bdd21eb675b54f935e5535519a508fd6431a1d735a8
- SHA512
  
  4abbbe8059f7bedba33f7f8cce13692bfd779f04b9f7ccf91e75c69c5b7667e205af5220ff274b8a13193fb85010aa81059ed152cb0da6b6eff72b0d48fd57e4
- SSDEEP
  
  3072:zXHzLFuwl8mHFKW+nTvW9Zf1vUADBHrAlgAt3kS:7HzLFuwl8mHQPiWADZs3kS
Score

10^/10

sality backdoor evasion persistence privilege_escalation trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasionpersistenceprivilege_escalationtrojanupx