sality

General

Target

3af198b560b242e0ff66a5664a5b458860a82e3296b18294b7f9a792cf517446N.exe
Size

248KB
Sample

241204-zj5vzszqdy
MD5

cc91a59c4a4421e3a5095a2f53bb0800
SHA1

90d92e432bf883b74ea61d497f7b79d937b6b185
SHA256

3af198b560b242e0ff66a5664a5b458860a82e3296b18294b7f9a792cf517446
SHA512

de36802e677aaccffbb1376197cd01ad77e41b27b2428ecdcb230b530233a85bcd35285157a80eb7ab887cc32510c1c5aecfd0b9f6e407020986594703f729c8
SSDEEP

6144:A/SsnH2aXBw7g723Dh5QrBl08hY/7AKrSVgHKEQTu8:Xa172t5AMUmNqEKu8

Score

10^/10

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  3af198b560b242e0ff66a5664a5b458860a82e3296b18294b7f9a792cf517446N.exe
- Size
  
  248KB
- MD5
  
  cc91a59c4a4421e3a5095a2f53bb0800
- SHA1
  
  90d92e432bf883b74ea61d497f7b79d937b6b185
- SHA256
  
  3af198b560b242e0ff66a5664a5b458860a82e3296b18294b7f9a792cf517446
- SHA512
  
  de36802e677aaccffbb1376197cd01ad77e41b27b2428ecdcb230b530233a85bcd35285157a80eb7ab887cc32510c1c5aecfd0b9f6e407020986594703f729c8
- SSDEEP
  
  6144:A/SsnH2aXBw7g723Dh5QrBl08hY/7AKrSVgHKEQTu8:Xa172t5AMUmNqEKu8
Score

10^/10

sality backdoor discovery upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Sality family

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2