sality | 202da0dc9521121264001265ceb918743dccd7a4e48d5ba7083a200c73d58406 | Triage

Sharing

General

Target

202da0dc9521121264001265ceb918743dccd7a4e48d5ba7083a200c73d58406
Size

4.8MB
Sample

250405-bw8kmszpx9
MD5

66a079c9039569f42e0c80d8c1717385
SHA1

2f48327e0295b7f204a9a845b0b01692b13d9381
SHA256

202da0dc9521121264001265ceb918743dccd7a4e48d5ba7083a200c73d58406
SHA512

4fcc1fe058bb3415b3afe7e060c267673c085bdb6b56933ab83fbc6336e3dc2df37cd1d672af95e9a685730aad5007c2242411d38b81ef0cc976a095306f59bf
SSDEEP

98304:RrXf368BJxAjBCGhcUISE09MkD1d49dvj3A5pRW/4Tj/eKKHCUKA:RT33rAjgGhcUI/GBm3u3KHCbA

Score

10^/10

sality backdoor defense_evasion discovery trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  202da0dc9521121264001265ceb918743dccd7a4e48d5ba7083a200c73d58406
- Size
  
  4.8MB
- MD5
  
  66a079c9039569f42e0c80d8c1717385
- SHA1
  
  2f48327e0295b7f204a9a845b0b01692b13d9381
- SHA256
  
  202da0dc9521121264001265ceb918743dccd7a4e48d5ba7083a200c73d58406
- SHA512
  
  4fcc1fe058bb3415b3afe7e060c267673c085bdb6b56933ab83fbc6336e3dc2df37cd1d672af95e9a685730aad5007c2242411d38b81ef0cc976a095306f59bf
- SSDEEP
  
  98304:RrXf368BJxAjBCGhcUISE09MkD1d49dvj3A5pRW/4Tj/eKKHCUKA:RT33rAjgGhcUI/GBm3u3KHCbA
Score

10^/10

sality backdoor defense_evasion discovery trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Windows security modification
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordefense_evasiondiscoverytrojanupx