sality | d2d62a7d6b43cc1536c318f8fe05dc9e615887f12ed2e564fc7485a945617667 | Triage

Submit
Reports

Overview

overview

Static

static

7

1dfcc6efa6...18.exe

windows7-x64

7

1dfcc6efa6...18.exe

windows10-2004-x64

Sharing

General

Target

1dfcc6efa62231c7e03a4c4a580acb17_JaffaCakes118
Size

612KB
Sample

240702-ezyrdszakm
MD5

1dfcc6efa62231c7e03a4c4a580acb17
SHA1

a3da94d517a842cefe9483210a65307bd78bc0cd
SHA256

d2d62a7d6b43cc1536c318f8fe05dc9e615887f12ed2e564fc7485a945617667
SHA512

805398310ec3b291daa8b7a1f5a35fcd3909b03910cf1b0cb8904ead8d951d22a3b92d99c4f639538f70d20c059449e8dcdbc03040e450d3d0b863f96bc6ac91
SSDEEP

12288:YGcQhuDCRI5YlKZhyeLtHgTl2XtJ6suL1fIjQncllK9KNbN5e:FuDCeYlKKQgTGaIkcK9cPe

Score

10^/10

sality backdoor evasion persistence privilege_escalation themida trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1dfcc6efa62231c7e03a4c4a580acb17_JaffaCakes118.exe

Resource

win7-20240508-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

1dfcc6efa62231c7e03a4c4a580acb17_JaffaCakes118.exe

Resource

win10v2004-20240508-en

sality backdoor evasion persistence privilege_escalation trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  1dfcc6efa62231c7e03a4c4a580acb17_JaffaCakes118
- Size
  
  612KB
- MD5
  
  1dfcc6efa62231c7e03a4c4a580acb17
- SHA1
  
  a3da94d517a842cefe9483210a65307bd78bc0cd
- SHA256
  
  d2d62a7d6b43cc1536c318f8fe05dc9e615887f12ed2e564fc7485a945617667
- SHA512
  
  805398310ec3b291daa8b7a1f5a35fcd3909b03910cf1b0cb8904ead8d951d22a3b92d99c4f639538f70d20c059449e8dcdbc03040e450d3d0b863f96bc6ac91
- SSDEEP
  
  12288:YGcQhuDCRI5YlKZhyeLtHgTl2XtJ6suL1fIjQncllK9KNbN5e:FuDCeYlKKQgTGaIkcK9cPe
Score

10^/10

upx sality backdoor evasion persistence privilege_escalation trojan
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasionpersistenceprivilege_escalationtrojanupx

© 2018-2024

Terms | Privacy