sality

Sharing

Copy URL

Twitter E-mail

General

Target

0d1cbb4931a9354ea38f371165b0656831da4a2136119f30041b31e2f7896a06
Size

4.5MB
Sample

250202-jwm8pssnhw
MD5

f5ae0cb4026aa18f6aa4152f5847fc53
SHA1

021c089fa4f44a6c8ba0817261deaab0e0a17fee
SHA256

0d1cbb4931a9354ea38f371165b0656831da4a2136119f30041b31e2f7896a06
SHA512

e01a698c7a601a2ff3ad8066dbb306a39086c425df3aad6552f6d0e3077ee49435b7c54cb1d10e253eef83f7afd18b7023dddd8e5abab9e0d345f7a0b63eca4d
SSDEEP

98304:KTQXdjg7N6TQXdjg7N/TQXdjg7NITQXdjg7NL:mQt8IQt81Qt8CQt89

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  abc/R700,.exe
- Size
  
  1.2MB
- MD5
  
  7683790ae33576643b69c12d640fd5fc
- SHA1
  
  adbd241d4dc1ff76dd5269b00b6c0278bb50588c
- SHA256
  
  a5d1941cd0dafe9f7ee2034200e2aca8f2e323a5eeb7fb9f3b210906b8e5158f
- SHA512
  
  b3ace082767cccda5d21ddec192e37fe1ce4d15c50374a140a1700c8c28231aa3b56fe1ee4a011f17d67b40b5ab2a610ae03367574149f143af218956e4bef94
- SSDEEP
  
  24576:TmPZ/5jLtGHyhdFP8gxBYTICZazH0XHEvJ4BDm:KPZ/ltGakgxYa0XHEG6
Score

10^/10

sality backdoor defense_evasion discovery trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  abc/abc3;.exe
- Size
  
  1.2MB
- MD5
  
  7683790ae33576643b69c12d640fd5fc
- SHA1
  
  adbd241d4dc1ff76dd5269b00b6c0278bb50588c
- SHA256
  
  a5d1941cd0dafe9f7ee2034200e2aca8f2e323a5eeb7fb9f3b210906b8e5158f
- SHA512
  
  b3ace082767cccda5d21ddec192e37fe1ce4d15c50374a140a1700c8c28231aa3b56fe1ee4a011f17d67b40b5ab2a610ae03367574149f143af218956e4bef94
- SSDEEP
  
  24576:TmPZ/5jLtGHyhdFP8gxBYTICZazH0XHEvJ4BDm:KPZ/ltGakgxYa0XHEG6
Score

10^/10

sality backdoor defense_evasion discovery trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  abc/abc7;.exe
- Size
  
  1.2MB
- MD5
  
  7683790ae33576643b69c12d640fd5fc
- SHA1
  
  adbd241d4dc1ff76dd5269b00b6c0278bb50588c
- SHA256
  
  a5d1941cd0dafe9f7ee2034200e2aca8f2e323a5eeb7fb9f3b210906b8e5158f
- SHA512
  
  b3ace082767cccda5d21ddec192e37fe1ce4d15c50374a140a1700c8c28231aa3b56fe1ee4a011f17d67b40b5ab2a610ae03367574149f143af218956e4bef94
- SSDEEP
  
  24576:TmPZ/5jLtGHyhdFP8gxBYTICZazH0XHEvJ4BDm:KPZ/ltGakgxYa0XHEG6
Score

10^/10

sality backdoor defense_evasion discovery trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  abc/new;.exe
- Size
  
  1.2MB
- MD5
  
  7683790ae33576643b69c12d640fd5fc
- SHA1
  
  adbd241d4dc1ff76dd5269b00b6c0278bb50588c
- SHA256
  
  a5d1941cd0dafe9f7ee2034200e2aca8f2e323a5eeb7fb9f3b210906b8e5158f
- SHA512
  
  b3ace082767cccda5d21ddec192e37fe1ce4d15c50374a140a1700c8c28231aa3b56fe1ee4a011f17d67b40b5ab2a610ae03367574149f143af218956e4bef94
- SSDEEP
  
  24576:TmPZ/5jLtGHyhdFP8gxBYTICZazH0XHEvJ4BDm:KPZ/ltGakgxYa0XHEG6
Score

10^/10

sality backdoor defense_evasion discovery trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies firewall policy service

Sality family

UAC bypass

Windows security bypass

Drops startup file

Executes dropped EXE

Loads dropped DLL

Windows security modification

Checks whether UAC is enabled

Drops file in System32 directory

UPX packed file

Modifies firewall policy service

Sality

Sality family

UAC bypass

Windows security bypass

Drops startup file

Executes dropped EXE

Loads dropped DLL

Windows security modification

Checks whether UAC is enabled

Drops file in System32 directory

UPX packed file

Modifies firewall policy service

Sality

Sality family

UAC bypass

Windows security bypass

Drops startup file

Executes dropped EXE

Loads dropped DLL

Windows security modification

Checks whether UAC is enabled

Drops file in System32 directory

UPX packed file

Modifies firewall policy service

Sality

Sality family

UAC bypass

Windows security bypass

Drops startup file

Executes dropped EXE

Loads dropped DLL

Windows security modification

Checks whether UAC is enabled

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8