sality | 177914300a1dcdbc1e3460dfdce421e7741e485b7b6e3dd8619c35ec16d60beb | Triage

Submit
Reports

Overview

overview

Static

static

3

177914300a...eb.exe

windows7-x64

7

177914300a...eb.exe

windows10-2004-x64

Sharing

General

Target

177914300a1dcdbc1e3460dfdce421e7741e485b7b6e3dd8619c35ec16d60beb
Size

779KB
Sample

240629-g64bkawanq
MD5

bd8ea337c7cdee0b3c864e4a674b4c54
SHA1

fefe53dca16c7af5b4831d288a67da11f50172da
SHA256

177914300a1dcdbc1e3460dfdce421e7741e485b7b6e3dd8619c35ec16d60beb
SHA512

6d19256527a793f86d6bceb6c04499c168528e7b2039830d1012b3f7b0c31603ffb345aaade0838a0d27b6fd825e4f33eeff712b3883dd1558ac299aa3ff247f
SSDEEP

24576:J7q7j7KwlqqBk07A77wehggc7R7QqK7NT7CiYoeS:J7q7j7KVqG07A7ceJc7R7QqK7NSvFS

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

177914300a1dcdbc1e3460dfdce421e7741e485b7b6e3dd8619c35ec16d60beb.exe

Resource

win7-20240508-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

177914300a1dcdbc1e3460dfdce421e7741e485b7b6e3dd8619c35ec16d60beb.exe

Resource

win10v2004-20240508-en

sality backdoor evasion trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  177914300a1dcdbc1e3460dfdce421e7741e485b7b6e3dd8619c35ec16d60beb
- Size
  
  779KB
- MD5
  
  bd8ea337c7cdee0b3c864e4a674b4c54
- SHA1
  
  fefe53dca16c7af5b4831d288a67da11f50172da
- SHA256
  
  177914300a1dcdbc1e3460dfdce421e7741e485b7b6e3dd8619c35ec16d60beb
- SHA512
  
  6d19256527a793f86d6bceb6c04499c168528e7b2039830d1012b3f7b0c31603ffb345aaade0838a0d27b6fd825e4f33eeff712b3883dd1558ac299aa3ff247f
- SSDEEP
  
  24576:J7q7j7KwlqqBk07A77wehggc7R7QqK7NT7CiYoeS:J7q7j7KVqG07A7ceJc7R7QqK7NSvFS
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Abuse Elevation Control Mechanism

Bypass User Account Control

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy