sality | d4eb068af1ccf724754e3792a9be2bfa19a004a0465bb56565445f188ed202b6 | Triage

Sharing

General

Target

d4eb068af1ccf724754e3792a9be2bfa19a004a0465bb56565445f188ed202b6N.exe
Size

176KB
Sample

241216-c7khmaznbt
MD5

077301c2296d43620fdf4b88f3fc73c0
SHA1

3d8617f958ec95a299dc2d61287d822035306362
SHA256

d4eb068af1ccf724754e3792a9be2bfa19a004a0465bb56565445f188ed202b6
SHA512

98dc6dcaabe8376c23d520fe10fd3797ad6af1ca652f8034df3f3af1d74240e8031fa1b80fdf860b541a1c75a60690b46b2bd326e4493b25afe56e7980aabd90
SSDEEP

3072:M+iDZVCmbSn7iylnmtyqKGArtksxgyU14pn9IK7GGGGGGGGGGGGGGGGGl1m9rpUR:MTb27Q3cbem9rpUraIcHykF6G2xWIf

Score

10^/10

sality backdoor discovery evasion trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  d4eb068af1ccf724754e3792a9be2bfa19a004a0465bb56565445f188ed202b6N.exe
- Size
  
  176KB
- MD5
  
  077301c2296d43620fdf4b88f3fc73c0
- SHA1
  
  3d8617f958ec95a299dc2d61287d822035306362
- SHA256
  
  d4eb068af1ccf724754e3792a9be2bfa19a004a0465bb56565445f188ed202b6
- SHA512
  
  98dc6dcaabe8376c23d520fe10fd3797ad6af1ca652f8034df3f3af1d74240e8031fa1b80fdf860b541a1c75a60690b46b2bd326e4493b25afe56e7980aabd90
- SSDEEP
  
  3072:M+iDZVCmbSn7iylnmtyqKGArtksxgyU14pn9IK7GGGGGGGGGGGGGGGGGl1m9rpUR:MTb27Q3cbem9rpUraIcHykF6G2xWIf
Score

10^/10

discovery sality backdoor evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoordiscoveryevasiontrojanupx