sality | 04942f3fbc85272f5a5c4d46a5759d80c9df6da59124389112dd10520785eaf9 | Triage

Submit
Reports

Overview

overview

Static

static

04942f3fbc...f9.exe

windows7-x64

04942f3fbc...f9.exe

windows10-2004-x64

Sharing

General

Target

04942f3fbc85272f5a5c4d46a5759d80c9df6da59124389112dd10520785eaf9
Size

251KB
Sample

221002-x7nkhaffg4
MD5

6795403fd25c4c499ebff2a64d1b7243
SHA1

5fb8cd6cd0a081f10f5c1bb5070576c129ecff18
SHA256

04942f3fbc85272f5a5c4d46a5759d80c9df6da59124389112dd10520785eaf9
SHA512

e7e027098f829a2db1a9d58bc4f7b132c07aa4f54e6306a8dc44d20c7a9309f28f3f2f9ae00e5c788da25ba64dd094e775af1e7db22bd47ecb31d57cd000d5eb
SSDEEP

3072:xRxn3k0CdM1vabyzJYWqQa2xVg9p6ajZSGFMBxODDERldM0BeL6wguAsoBm:xRJ0LS6VCVMZSGrDDEXM8Vy

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

04942f3fbc85272f5a5c4d46a5759d80c9df6da59124389112dd10520785eaf9.exe

Resource

win7-20220812-en

sality backdoor evasion trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

04942f3fbc85272f5a5c4d46a5759d80c9df6da59124389112dd10520785eaf9.exe

Resource

win10v2004-20220812-en

sality backdoor evasion trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  04942f3fbc85272f5a5c4d46a5759d80c9df6da59124389112dd10520785eaf9
- Size
  
  251KB
- MD5
  
  6795403fd25c4c499ebff2a64d1b7243
- SHA1
  
  5fb8cd6cd0a081f10f5c1bb5070576c129ecff18
- SHA256
  
  04942f3fbc85272f5a5c4d46a5759d80c9df6da59124389112dd10520785eaf9
- SHA512
  
  e7e027098f829a2db1a9d58bc4f7b132c07aa4f54e6306a8dc44d20c7a9309f28f3f2f9ae00e5c788da25ba64dd094e775af1e7db22bd47ecb31d57cd000d5eb
- SSDEEP
  
  3072:xRxn3k0CdM1vabyzJYWqQa2xVg9p6ajZSGFMBxODDERldM0BeL6wguAsoBm:xRJ0LS6VCVMZSGrDDEXM8Vy
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy