sality | 84e0c08ba67155a4274e7b374b92a4cd6abe2b9ade6bb28cb2bd8743ba447a8a | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-12-24...er.exe

windows7-x64

2024-12-24...er.exe

windows10-2004-x64

Sharing

General

Target

2024-12-24_213bbc276630d370c56fe7107b9849be_luca-stealer_magniber
Size

1.8MB
Sample

241224-pzecvsxnfz
MD5

213bbc276630d370c56fe7107b9849be
SHA1

96c9d1fb84229498268e6aebeb254547fc129929
SHA256

84e0c08ba67155a4274e7b374b92a4cd6abe2b9ade6bb28cb2bd8743ba447a8a
SHA512

ba92aa1c544486424cfcb6d05311cc7acc56c3ef01788497d39724cae0db20798a6005db45237a30e7a0dda1cf1b67fcf58bba0f8c37c68d82f1e46022acac33
SSDEEP

24576:05pbf/eDTke6NW2GOKIzaac0mhPsyvXVFrONtpXktL02BMiKNTQyKVmZYAAGrQyy:iYRcW2BN+6oXHqNCnDYTQybVAGrg

Score

10^/10

sality backdoor discovery evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-12-24_213bbc276630d370c56fe7107b9849be_luca-stealer_magniber.exe

Resource

win7-20240903-en

sality backdoor discovery evasion trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-12-24_213bbc276630d370c56fe7107b9849be_luca-stealer_magniber.exe

Resource

win10v2004-20241007-en

sality backdoor discovery evasion trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  2024-12-24_213bbc276630d370c56fe7107b9849be_luca-stealer_magniber
- Size
  
  1.8MB
- MD5
  
  213bbc276630d370c56fe7107b9849be
- SHA1
  
  96c9d1fb84229498268e6aebeb254547fc129929
- SHA256
  
  84e0c08ba67155a4274e7b374b92a4cd6abe2b9ade6bb28cb2bd8743ba447a8a
- SHA512
  
  ba92aa1c544486424cfcb6d05311cc7acc56c3ef01788497d39724cae0db20798a6005db45237a30e7a0dda1cf1b67fcf58bba0f8c37c68d82f1e46022acac33
- SSDEEP
  
  24576:05pbf/eDTke6NW2GOKIzaac0mhPsyvXVFrONtpXktL02BMiKNTQyKVmZYAAGrQyy:iYRcW2BN+6oXHqNCnDYTQybVAGrg
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasiontrojanupx

behavioral2

salitybackdoordiscoveryevasiontrojanupx

© 2018-2024

Terms | Privacy