sality | ad82af63e8c6c2e72175b58c1c4ba8837209389fdcf5601026731ec8788a60f6 | Triage

Sharing

General

Target

2025-04-04_ea7c0fc5f57f8d1e658b00370182d550_amadey_black-basta_luca-stealer_smoke-loader
Size

2.6MB
Sample

250404-1dmmwsvwat
MD5

ea7c0fc5f57f8d1e658b00370182d550
SHA1

a28b0e91a42401a7ab8601bf32dc0203109ca29e
SHA256

ad82af63e8c6c2e72175b58c1c4ba8837209389fdcf5601026731ec8788a60f6
SHA512

ae5d31c034b5b6cd60789e46863440c0c8c4dc6031c1c14cd0504e6f941d37688462e2d82cb1b42aa78f04928610728a6788a4b45cd78cd1658ad89d184eeb76
SSDEEP

49152:NFdG9msu4sVrFpdrDLR8sL2GRQYLd6CnykKi7NrZOPEC5LQrHc9ffQ4efLf:NFdGhutrjdz6shhLdvx7NrZJKQrHc9fu

Score

10^/10

sality backdoor defense_evasion discovery trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  2025-04-04_ea7c0fc5f57f8d1e658b00370182d550_amadey_black-basta_luca-stealer_smoke-loader
- Size
  
  2.6MB
- MD5
  
  ea7c0fc5f57f8d1e658b00370182d550
- SHA1
  
  a28b0e91a42401a7ab8601bf32dc0203109ca29e
- SHA256
  
  ad82af63e8c6c2e72175b58c1c4ba8837209389fdcf5601026731ec8788a60f6
- SHA512
  
  ae5d31c034b5b6cd60789e46863440c0c8c4dc6031c1c14cd0504e6f941d37688462e2d82cb1b42aa78f04928610728a6788a4b45cd78cd1658ad89d184eeb76
- SSDEEP
  
  49152:NFdG9msu4sVrFpdrDLR8sL2GRQYLd6CnykKi7NrZOPEC5LQrHc9ffQ4efLf:NFdGhutrjdz6shhLdvx7NrZJKQrHc9fu
Score

10^/10

sality backdoor defense_evasion discovery trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Windows security modification
  defense_evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordefense_evasiondiscoverytrojanupx