sality | 9fe67e38c16b74daf65a98c733292929c9cc87764335af3b0f46119b3a9b3b67 | Triage

Sharing

General

Target

JaffaCakes118_577eb73a920cabf4752bc0d259a18716
Size

324KB
Sample

250306-ym7nbawvdw
MD5

577eb73a920cabf4752bc0d259a18716
SHA1

a107331c4620696f213e71e64cbdb55cf985ccd5
SHA256

9fe67e38c16b74daf65a98c733292929c9cc87764335af3b0f46119b3a9b3b67
SHA512

bca56f39128f31f787e494742dcb023d4d9cb9624c9b8cd1052f1f84df67241c643e19945f2090fb236ef333c704709b129d6224c7a0d597066efa9f9aaafce6
SSDEEP

6144:kHcsjhIW4YW6shNlA9ceJ3jzw6QjRp8Jmq2a:OohL8cWHfQjP8

Score

10^/10

sality backdoor defense_evasion discovery trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  JaffaCakes118_577eb73a920cabf4752bc0d259a18716
- Size
  
  324KB
- MD5
  
  577eb73a920cabf4752bc0d259a18716
- SHA1
  
  a107331c4620696f213e71e64cbdb55cf985ccd5
- SHA256
  
  9fe67e38c16b74daf65a98c733292929c9cc87764335af3b0f46119b3a9b3b67
- SHA512
  
  bca56f39128f31f787e494742dcb023d4d9cb9624c9b8cd1052f1f84df67241c643e19945f2090fb236ef333c704709b129d6224c7a0d597066efa9f9aaafce6
- SSDEEP
  
  6144:kHcsjhIW4YW6shNlA9ceJ3jzw6QjRp8Jmq2a:OohL8cWHfQjP8
Score

10^/10

discovery sality backdoor defense_evasion trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Disables RegEdit via registry modification
  defense_evasion
- Disables Task Manager via registry modification
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoordefense_evasiondiscoverytrojanupx