sality | 3fdf14df303b824fdf61eb63ed06a2b0fff6f4f07591cd13180110746e5a6e81 | Triage

Sharing

General

Target

3fdf14df303b824fdf61eb63ed06a2b0fff6f4f07591cd13180110746e5a6e81
Size

957KB
Sample

241212-n5ltfstkbx
MD5

d3362300a175bd892421dcebc01f64aa
SHA1

ff07dfa85ce216b7e9077381905923eb14211d6a
SHA256

3fdf14df303b824fdf61eb63ed06a2b0fff6f4f07591cd13180110746e5a6e81
SHA512

255b578f0fcfbfe7fcca9829852140755fcff2aea6ba34e447c574a2812e6d0b8f23a2c862711ee4c56bbe6a40e5b653547cbd3aa65cd008b99b4ea786f8cfd9
SSDEEP

24576:suuBj3ZXqv05z21Pg1MHmGSJrZ5dUYAr3sw6+:sV5q85VMGGSZZ5d1Sr6+

Score

10^/10

sality backdoor discovery evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  3fdf14df303b824fdf61eb63ed06a2b0fff6f4f07591cd13180110746e5a6e81
- Size
  
  957KB
- MD5
  
  d3362300a175bd892421dcebc01f64aa
- SHA1
  
  ff07dfa85ce216b7e9077381905923eb14211d6a
- SHA256
  
  3fdf14df303b824fdf61eb63ed06a2b0fff6f4f07591cd13180110746e5a6e81
- SHA512
  
  255b578f0fcfbfe7fcca9829852140755fcff2aea6ba34e447c574a2812e6d0b8f23a2c862711ee4c56bbe6a40e5b653547cbd3aa65cd008b99b4ea786f8cfd9
- SSDEEP
  
  24576:suuBj3ZXqv05z21Pg1MHmGSJrZ5dUYAr3sw6+:sV5q85VMGGSZZ5d1Sr6+
Score

10^/10

discovery sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoordiscoveryevasiontrojanupx