sality | 0cb7de0a2c34b6becd6b2188f0601bba85f87f544839b4c6c58fcc4629c5da47 | Triage

Sharing

General

Target

2024-12-12_a1f6c228c389aba507e385f3a5023c64_hijackloader_luca-stealer_magniber
Size

2.7MB
Sample

241212-l5kkaazrew
MD5

a1f6c228c389aba507e385f3a5023c64
SHA1

9a691ae8abab8805e941a738e13079be2d65f303
SHA256

0cb7de0a2c34b6becd6b2188f0601bba85f87f544839b4c6c58fcc4629c5da47
SHA512

0a9ca8dd7f7ecd278cfa4370c3f7b27b7520b90ab26cfe21ad5412ad80f2d0ae30e11e4c7e3b00eadfedb1e375505742689cddcbfec8d27d941c270fc43329ee
SSDEEP

49152:lwwwwsHB0A3SKVRrfiVEITpfCTzUwpJMVxeex7g5M51HZeU72NWv1aJ03:rcSKVR7WEITpfcUCMVxRxRHZeU751aJK

Score

10^/10

sality backdoor discovery evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  2024-12-12_a1f6c228c389aba507e385f3a5023c64_hijackloader_luca-stealer_magniber
- Size
  
  2.7MB
- MD5
  
  a1f6c228c389aba507e385f3a5023c64
- SHA1
  
  9a691ae8abab8805e941a738e13079be2d65f303
- SHA256
  
  0cb7de0a2c34b6becd6b2188f0601bba85f87f544839b4c6c58fcc4629c5da47
- SHA512
  
  0a9ca8dd7f7ecd278cfa4370c3f7b27b7520b90ab26cfe21ad5412ad80f2d0ae30e11e4c7e3b00eadfedb1e375505742689cddcbfec8d27d941c270fc43329ee
- SSDEEP
  
  49152:lwwwwsHB0A3SKVRrfiVEITpfCTzUwpJMVxeex7g5M51HZeU72NWv1aJ03:rcSKVR7WEITpfcUCMVxRxRHZeU751aJK
Score

10^/10

sality backdoor discovery upx evasion trojan
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryupx

behavioral2

salitybackdoordiscoveryevasiontrojanupx