sality | 9787c5f7df71ab23277fefe7afdf06e6a2e1694d8b053071a6316a9a267a5561 | Triage

Sharing

General

Target

e3c214fb43e47bbaf2e9e66222502ba4_JaffaCakes118
Size

172KB
Sample

241211-3xmhcasqcw
MD5

e3c214fb43e47bbaf2e9e66222502ba4
SHA1

3e9afcdf341412bde044b77b2da9ef23585ea370
SHA256

9787c5f7df71ab23277fefe7afdf06e6a2e1694d8b053071a6316a9a267a5561
SHA512

cf6236758736f44ec39c93a6772fb8df4b7ac23d4a674b4b0eaa58582e2687986504f1d6f4cdcdc23385e02e5c3c76b2091f236325eaaf37d4dd18724fc6352c
SSDEEP

3072:4kT6zOA0mX1K/dnAFGvpD7bB/4a5GsadWM2sZ6qgfMk6y:hGhK/d/4bsasM2xfMK

Score

10^/10

sality backdoor discovery evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  e3c214fb43e47bbaf2e9e66222502ba4_JaffaCakes118
- Size
  
  172KB
- MD5
  
  e3c214fb43e47bbaf2e9e66222502ba4
- SHA1
  
  3e9afcdf341412bde044b77b2da9ef23585ea370
- SHA256
  
  9787c5f7df71ab23277fefe7afdf06e6a2e1694d8b053071a6316a9a267a5561
- SHA512
  
  cf6236758736f44ec39c93a6772fb8df4b7ac23d4a674b4b0eaa58582e2687986504f1d6f4cdcdc23385e02e5c3c76b2091f236325eaaf37d4dd18724fc6352c
- SSDEEP
  
  3072:4kT6zOA0mX1K/dnAFGvpD7bB/4a5GsadWM2sZ6qgfMk6y:hGhK/d/4bsasM2xfMK
Score

10^/10

discovery sality backdoor evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoordiscoveryevasiontrojanupx