sality | 9a59cf3b46cbf1e3bf2af9551b25c562bd7a548caff82424d3c86193e7ba483c | Triage

Sharing

General

Target

JaffaCakes118_8c48e7d2990a43a64bc8e36ef7199618
Size

254KB
Sample

250203-y4cjhaskcz
MD5

8c48e7d2990a43a64bc8e36ef7199618
SHA1

fd241ef24fb1372fe6b663ceb3bd5ab1b601377c
SHA256

9a59cf3b46cbf1e3bf2af9551b25c562bd7a548caff82424d3c86193e7ba483c
SHA512

7e9efa792ac2f1cd4230ee7f6ef70685168964c9c67e092d4b02128f1561eda5a69587acb006c27813c05949477603d162c7cc655b45cf71e14880fd4b52f909
SSDEEP

6144:6+GaGSfOrz+6PAC9jRlztaS4AQXRA88d6BnQYGl:6va2sC9Nl/bQm6OJl

Score

10^/10

sality backdoor defense_evasion discovery trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  HACKMS~1.EXE
- Size
  
  712KB
- MD5
  
  b0dd4bc52eb381a7990558aac569b64f
- SHA1
  
  e8b81828b34d56de409d6cd3433baa7f38b5be78
- SHA256
  
  6194da0d241a12d32e7334d0aa8a2b253a6e80e882d67842279b7a4160faa59a
- SHA512
  
  f97c962965c2dfab030703a38c130438ec600011fb7ecf91732806a99f8e9d44e1e023bbd372aa0829a2a03b7efb20ccd788fbbeaddda27c995c48e0e9566a90
- SSDEEP
  
  12288:4H2jynD0FV3hOrW2jynD0FV3XpDXeGxEiPvc5FJneuDlhza0FOjynk36ni:4H2ODPW2ODypDXeGxEiPvc54rOk3
Score

10^/10

discovery sality backdoor defense_evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  media.exe
- Size
  
  301KB
- MD5
  
  2e9a52594d64d75f396f9079b2332a4f
- SHA1
  
  c27e2a039f792348c622bbb6812558d31382d226
- SHA256
  
  1d0c59097b7a3e7a2eef3dd06989edf07601d7953187de35f99cd8ff4fc772f5
- SHA512
  
  053285b7ce7c94f95486537764e5b4c9fe906aae5ea12a9d36a803b791e59251a330614885764bb6ae6608be93327f66081a0f3b7c121c72d456b5e18b239bfe
- SSDEEP
  
  3072:8Jtn5ymi8Eu11uZaLJbN2SQ3N7Do0JgT5SVtoaKGlD8yWC242UcdRCU4J4lg4E4D:zKA9PnGmE
Score

5^/10

discovery
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoordefense_evasiondiscoverytrojanupx

behavioral3

behavioral4