sality | 21bd9f760e8e971ef491dcfd8d864bf9f7804102b2ac411f09bf693c6831670c | Triage

Sharing

General

Target

21bd9f760e8e971ef491dcfd8d864bf9f7804102b2ac411f09bf693c6831670c
Size

1.2MB
Sample

241213-gxddsaslbr
MD5

5ea82f7896e439b045252a6765043d1d
SHA1

dd8436237f83f2d6b8afc8ac9d88b77ddd63e426
SHA256

21bd9f760e8e971ef491dcfd8d864bf9f7804102b2ac411f09bf693c6831670c
SHA512

cc742f52630de290a9ed4e3aa46e289eee6e2948164ccc6d151ddcb69532481fadf98a83d003e6eb270df435170cca2df7f9ac726f257233c1f354c62d9bcbdf
SSDEEP

24576:cFPOkBKUM2+6gN0MlguotQN5eVkMbcLOZdIgiMmcITX6pAoMX3ICXZGTsk8OC:qPM2+6gN0Mlg9t+eVPAslmcITqp8ICXJ

Score

10^/10

sality backdoor discovery evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  21bd9f760e8e971ef491dcfd8d864bf9f7804102b2ac411f09bf693c6831670c
- Size
  
  1.2MB
- MD5
  
  5ea82f7896e439b045252a6765043d1d
- SHA1
  
  dd8436237f83f2d6b8afc8ac9d88b77ddd63e426
- SHA256
  
  21bd9f760e8e971ef491dcfd8d864bf9f7804102b2ac411f09bf693c6831670c
- SHA512
  
  cc742f52630de290a9ed4e3aa46e289eee6e2948164ccc6d151ddcb69532481fadf98a83d003e6eb270df435170cca2df7f9ac726f257233c1f354c62d9bcbdf
- SSDEEP
  
  24576:cFPOkBKUM2+6gN0MlguotQN5eVkMbcLOZdIgiMmcITX6pAoMX3ICXZGTsk8OC:qPM2+6gN0Mlg9t+eVPAslmcITqp8ICXJ
Score

10^/10

sality backdoor discovery upx evasion trojan
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryupx

behavioral2

salitybackdoordiscoveryevasiontrojanupx