sality | 26ab6fe3d5da61ba55c752579536bc30dfc02572c9400ab64e8539a8c9174a1e | Triage

Sharing

General

Target

JaffaCakes118_8f2f113481edf8c7d6c0779982035208
Size

452KB
Sample

250204-ddpqxssnas
MD5

8f2f113481edf8c7d6c0779982035208
SHA1

036733ae7518048ef778b07ee9dc5536f41acfcc
SHA256

26ab6fe3d5da61ba55c752579536bc30dfc02572c9400ab64e8539a8c9174a1e
SHA512

008de819edb7f41ae99cf8a35bc267d7879e70c97d0d49d0895d3efd5ffa6d9f49d0de33a650b0715263c8cc542099bde5abf69d271040b1eedb436f0ba1d90f
SSDEEP

6144:zeokfjEnHpofORs27QkhlnUdKZeltMqPkzjQFJka69IrIIiIk7:zeVjEnHpofORs271hJwCelSjQkt9cE7

Score

10^/10

sality backdoor defense_evasion discovery trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  JaffaCakes118_8f2f113481edf8c7d6c0779982035208
- Size
  
  452KB
- MD5
  
  8f2f113481edf8c7d6c0779982035208
- SHA1
  
  036733ae7518048ef778b07ee9dc5536f41acfcc
- SHA256
  
  26ab6fe3d5da61ba55c752579536bc30dfc02572c9400ab64e8539a8c9174a1e
- SHA512
  
  008de819edb7f41ae99cf8a35bc267d7879e70c97d0d49d0895d3efd5ffa6d9f49d0de33a650b0715263c8cc542099bde5abf69d271040b1eedb436f0ba1d90f
- SSDEEP
  
  6144:zeokfjEnHpofORs27QkhlnUdKZeltMqPkzjQFJka69IrIIiIk7:zeVjEnHpofORs271hJwCelSjQkt9cE7
Score

10^/10

discovery sality backdoor defense_evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoordefense_evasiondiscoverytrojanupx