sality | cf3c10a1beeb7c49a3a30e0abd139b604c4fe061321f081765d1ca144bb12f25 | Triage

Sharing

General

Target

cf3c10a1beeb7c49a3a30e0abd139b604c4fe061321f081765d1ca144bb12f25.exe
Size

8.6MB
Sample

241206-vcgscssqhp
MD5

3edeacb35b91ef5322b7867ad2f8e999
SHA1

c99f83ddacf440d10c54fa73052f847e5de4c0e0
SHA256

cf3c10a1beeb7c49a3a30e0abd139b604c4fe061321f081765d1ca144bb12f25
SHA512

2d5feef983f45a79591d22bd40ce0deed5d85c93d6571bcc4315f0a8db58eaee3c84f0b68203fd5990bf0a45dc21aa32605a4a0bf8ce60bc76f2fb924da3178a
SSDEEP

196608:1NWvMZmI8qx5A0Lg+mB6qDVKrNo+RpPOSdeIZ5yH+7BzLZMYFnIwBxu330GRx:1a4Wqx5dLg+y/DVKrNoCPoIZ5I+7B/25

Score

10^/10

sality backdoor discovery evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  cf3c10a1beeb7c49a3a30e0abd139b604c4fe061321f081765d1ca144bb12f25.exe
- Size
  
  8.6MB
- MD5
  
  3edeacb35b91ef5322b7867ad2f8e999
- SHA1
  
  c99f83ddacf440d10c54fa73052f847e5de4c0e0
- SHA256
  
  cf3c10a1beeb7c49a3a30e0abd139b604c4fe061321f081765d1ca144bb12f25
- SHA512
  
  2d5feef983f45a79591d22bd40ce0deed5d85c93d6571bcc4315f0a8db58eaee3c84f0b68203fd5990bf0a45dc21aa32605a4a0bf8ce60bc76f2fb924da3178a
- SSDEEP
  
  196608:1NWvMZmI8qx5A0Lg+mB6qDVKrNo+RpPOSdeIZ5yH+7BzLZMYFnIwBxu330GRx:1a4Wqx5dLg+y/DVKrNoCPoIZ5I+7B/25
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasiontrojanupx