sality | f69efc0ecd5b76d72998d7c1f8ee5c2ab77c12c75a0aa6c57cf3957c3a15ee6a | Triage

Sharing

General

Target

f69efc0ecd5b76d72998d7c1f8ee5c2ab77c12c75a0aa6c57cf3957c3a15ee6a.exe
Size

359KB
Sample

241206-p5tpqstqej
MD5

0b7285d9251000e1735dd111e69aa099
SHA1

576b3e45a7fa68fe32765da38ca3695ddf7899d8
SHA256

f69efc0ecd5b76d72998d7c1f8ee5c2ab77c12c75a0aa6c57cf3957c3a15ee6a
SHA512

0b4f4cbdfe6c7b056176d6679f8bfd0a802c6c123431a3ffb482cbe6a9285b1a00c5c99e731ff597259a5fb59cc447c164f910ed292459c41fe6a9a2de6a4f81
SSDEEP

6144:ndZiP3k3YeDgU5nMNsDQzcmGxF1RYTc3fD8ihwm3zdiMMKpLw8wD2zjdS6v:ndZc0lp4PzanGQ3fAZ2Mo88zj7

Score

10^/10

sality backdoor discovery evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  f69efc0ecd5b76d72998d7c1f8ee5c2ab77c12c75a0aa6c57cf3957c3a15ee6a.exe
- Size
  
  359KB
- MD5
  
  0b7285d9251000e1735dd111e69aa099
- SHA1
  
  576b3e45a7fa68fe32765da38ca3695ddf7899d8
- SHA256
  
  f69efc0ecd5b76d72998d7c1f8ee5c2ab77c12c75a0aa6c57cf3957c3a15ee6a
- SHA512
  
  0b4f4cbdfe6c7b056176d6679f8bfd0a802c6c123431a3ffb482cbe6a9285b1a00c5c99e731ff597259a5fb59cc447c164f910ed292459c41fe6a9a2de6a4f81
- SSDEEP
  
  6144:ndZiP3k3YeDgU5nMNsDQzcmGxF1RYTc3fD8ihwm3zdiMMKpLw8wD2zjdS6v:ndZc0lp4PzanGQ3fAZ2Mo88zj7
Score

10^/10

discovery sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoordiscoveryevasiontrojanupx