sality | 589c8ee4e37d371ac8179b5eaddf45faa5a6bd0583363f52f07f355e207093bb | Triage

Sharing

General

Target

589c8ee4e37d371ac8179b5eaddf45faa5a6bd0583363f52f07f355e207093bb
Size

240KB
Sample

241120-27ckfsvfmd
MD5

e9df12f34bd86d595e897ea763e50bf5
SHA1

02d9f0c4e9712d40efcb4c7424892ad7545a2271
SHA256

589c8ee4e37d371ac8179b5eaddf45faa5a6bd0583363f52f07f355e207093bb
SHA512

5e2687aaa99e35f7c88081e5182458b81a8e4848e0bfa3948076449b1014eef0eeaef6b5bd0d777b7535b4ee76c3e2ad7553b907ca45b126b4cc2f2d30f7075f
SSDEEP

6144:eO3rIFEVIomVcSt9Nzw+dGaWKtgwkutXl+K1De9zZBX:VlSbdG0tquJ5DM3

Score

10^/10

sality backdoor discovery evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  589c8ee4e37d371ac8179b5eaddf45faa5a6bd0583363f52f07f355e207093bb
- Size
  
  240KB
- MD5
  
  e9df12f34bd86d595e897ea763e50bf5
- SHA1
  
  02d9f0c4e9712d40efcb4c7424892ad7545a2271
- SHA256
  
  589c8ee4e37d371ac8179b5eaddf45faa5a6bd0583363f52f07f355e207093bb
- SHA512
  
  5e2687aaa99e35f7c88081e5182458b81a8e4848e0bfa3948076449b1014eef0eeaef6b5bd0d777b7535b4ee76c3e2ad7553b907ca45b126b4cc2f2d30f7075f
- SSDEEP
  
  6144:eO3rIFEVIomVcSt9Nzw+dGaWKtgwkutXl+K1De9zZBX:VlSbdG0tquJ5DM3
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasiontrojanupx

behavioral2

salitybackdoordiscoveryevasiontrojanupx