sality | d0e9560d31d1ee01b98821156881c6f482c61f620fbba9e19bf26ad9a1399e9d | Triage

Sharing

General

Target

d0e9560d31d1ee01b98821156881c6f482c61f620fbba9e19bf26ad9a1399e9dN.exe
Size

2.1MB
Sample

241205-mhn5mawngk
MD5

9dc00dcbd39299ffc4bb4badc91dc4d0
SHA1

a63f9be1617ab8fc0b4216c9d2f1a2a1d87872fc
SHA256

d0e9560d31d1ee01b98821156881c6f482c61f620fbba9e19bf26ad9a1399e9d
SHA512

75fedee8047bfce96ee95d1366f4d574b0ebb28e56cc83fd4da1ce54bcaf3975bf3ebbb911160bf11e76a7fba960bc730534d211a7efbab93ef5fa849831eb93
SSDEEP

49152:oqa3sbSXYnVLFrki7c6bUfdJrzsBxvpBTGBxgbRWf1jPNL:9VbKYVLFrr7bYFJrzsBxvpBTn4

Score

10^/10

sality backdoor discovery evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  d0e9560d31d1ee01b98821156881c6f482c61f620fbba9e19bf26ad9a1399e9dN.exe
- Size
  
  2.1MB
- MD5
  
  9dc00dcbd39299ffc4bb4badc91dc4d0
- SHA1
  
  a63f9be1617ab8fc0b4216c9d2f1a2a1d87872fc
- SHA256
  
  d0e9560d31d1ee01b98821156881c6f482c61f620fbba9e19bf26ad9a1399e9d
- SHA512
  
  75fedee8047bfce96ee95d1366f4d574b0ebb28e56cc83fd4da1ce54bcaf3975bf3ebbb911160bf11e76a7fba960bc730534d211a7efbab93ef5fa849831eb93
- SSDEEP
  
  49152:oqa3sbSXYnVLFrki7c6bUfdJrzsBxvpBTGBxgbRWf1jPNL:9VbKYVLFrr7bYFJrzsBxvpBTn4
Score

10^/10

sality backdoor discovery upx evasion trojan
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryupx

behavioral2

salitybackdoordiscoveryevasiontrojanupx