sality | ca07ceda842f06b33c3310b3fcffbefb769ed19c3aec074aacb3932ea743c300 | Triage

Sharing

General

Target

ca07ceda842f06b33c3310b3fcffbefb769ed19c3aec074aacb3932ea743c300
Size

3.0MB
Sample

250328-z21c8a1xdx
MD5

18de6ea01cd97457c36c4a4b472ec0df
SHA1

ec48ed6bf599d064ec2166d4dacbae59a99e8705
SHA256

ca07ceda842f06b33c3310b3fcffbefb769ed19c3aec074aacb3932ea743c300
SHA512

cc12d4c4aadb0823b27ca9151586cd1b915d978fc30dbee5f8f9ed4035fd93ad3db5416d921b16ca1e93db5372e23a7283e076de4e763462b1c6e1aed271a1ab
SSDEEP

49152:mZ4rujE/CLlVl80CdSI3LdmLgWtAjkhAO86LqmQKzeFH/LNqAznwLtW:m+ruj+CLflabdSgGhE6OFGUwLtW

Score

10^/10

sality backdoor defense_evasion discovery trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  ca07ceda842f06b33c3310b3fcffbefb769ed19c3aec074aacb3932ea743c300
- Size
  
  3.0MB
- MD5
  
  18de6ea01cd97457c36c4a4b472ec0df
- SHA1
  
  ec48ed6bf599d064ec2166d4dacbae59a99e8705
- SHA256
  
  ca07ceda842f06b33c3310b3fcffbefb769ed19c3aec074aacb3932ea743c300
- SHA512
  
  cc12d4c4aadb0823b27ca9151586cd1b915d978fc30dbee5f8f9ed4035fd93ad3db5416d921b16ca1e93db5372e23a7283e076de4e763462b1c6e1aed271a1ab
- SSDEEP
  
  49152:mZ4rujE/CLlVl80CdSI3LdmLgWtAjkhAO86LqmQKzeFH/LNqAznwLtW:m+ruj+CLflabdSgGhE6OFGUwLtW
Score

10^/10

discovery sality backdoor defense_evasion trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Windows security modification
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoordefense_evasiondiscoverytrojanupx