sality | f9341d529a2bbb219654998db029c36fe1c520ac96111ef4bfcba85570a41f56 | Triage

Sharing

General

Target

f9341d529a2bbb219654998db029c36fe1c520ac96111ef4bfcba85570a41f56
Size

3.0MB
Sample

250328-3adlxstvfz
MD5

89aef9d7c46206f1242715d21e5eae63
SHA1

22fcb58474df30cb598c9b59ab4f9cfd61aaaf74
SHA256

f9341d529a2bbb219654998db029c36fe1c520ac96111ef4bfcba85570a41f56
SHA512

474b288557f9c5c22bf818225160cd09fcf1c740c64aa9b19d20d896a5490229be9c30b1fb90458d8f19139ecfc13aebb4dcb848f25dc32e8380946902a16cf4
SSDEEP

49152:2Z4rujE/CLlVl80CdSI3LdmLgWtAjkhAi86LqmQKzeFH/LNqAznw4M:2+ruj+CLflabdSgGh46OFGUw4M

Score

10^/10

sality backdoor defense_evasion discovery trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  f9341d529a2bbb219654998db029c36fe1c520ac96111ef4bfcba85570a41f56
- Size
  
  3.0MB
- MD5
  
  89aef9d7c46206f1242715d21e5eae63
- SHA1
  
  22fcb58474df30cb598c9b59ab4f9cfd61aaaf74
- SHA256
  
  f9341d529a2bbb219654998db029c36fe1c520ac96111ef4bfcba85570a41f56
- SHA512
  
  474b288557f9c5c22bf818225160cd09fcf1c740c64aa9b19d20d896a5490229be9c30b1fb90458d8f19139ecfc13aebb4dcb848f25dc32e8380946902a16cf4
- SSDEEP
  
  49152:2Z4rujE/CLlVl80CdSI3LdmLgWtAjkhAi86LqmQKzeFH/LNqAznw4M:2+ruj+CLflabdSgGh46OFGUw4M
Score

10^/10

discovery sality backdoor defense_evasion trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Windows security modification
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoordefense_evasiondiscoverytrojanupx