sality | 5168f3dc09e91493f1f125b3f3b6165bb0f270bc577525aecdf7a4c4b4c11466 | Triage

Submit
Reports

Overview

overview

Static

static

5168f3dc09...66.exe

windows7-x64

3

5168f3dc09...66.exe

windows10-2004-x64

Sharing

General

Target

5168f3dc09e91493f1f125b3f3b6165bb0f270bc577525aecdf7a4c4b4c11466
Size

148KB
Sample

221003-w3abmsagcl
MD5

2d6945cb8d9ba0653635f51f9ede83c0
SHA1

033d9efede8071e177c8de14058f79e1f2a30959
SHA256

5168f3dc09e91493f1f125b3f3b6165bb0f270bc577525aecdf7a4c4b4c11466
SHA512

c99a355d85bc5cdc7614d6e0aaf04616043be006c7feac5c2aec8cc1eb0977476e77d5cd84b4854b9c1aeb41fdce7743456a9790b3ced0e17b3ab7a24f5e7096
SSDEEP

3072:wZk0QpFZyOSAYZRx6iDrhfMUpQQ2oDPObX9PoSkG+vOXHPxDUKVK:wZk0lrp3qX9QSv4Cs

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

5168f3dc09e91493f1f125b3f3b6165bb0f270bc577525aecdf7a4c4b4c11466.exe

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

5168f3dc09e91493f1f125b3f3b6165bb0f270bc577525aecdf7a4c4b4c11466.exe

Resource

win10v2004-20220901-en

sality backdoor evasion trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  5168f3dc09e91493f1f125b3f3b6165bb0f270bc577525aecdf7a4c4b4c11466
- Size
  
  148KB
- MD5
  
  2d6945cb8d9ba0653635f51f9ede83c0
- SHA1
  
  033d9efede8071e177c8de14058f79e1f2a30959
- SHA256
  
  5168f3dc09e91493f1f125b3f3b6165bb0f270bc577525aecdf7a4c4b4c11466
- SHA512
  
  c99a355d85bc5cdc7614d6e0aaf04616043be006c7feac5c2aec8cc1eb0977476e77d5cd84b4854b9c1aeb41fdce7743456a9790b3ced0e17b3ab7a24f5e7096
- SSDEEP
  
  3072:wZk0QpFZyOSAYZRx6iDrhfMUpQQ2oDPObX9PoSkG+vOXHPxDUKVK:wZk0lrp3qX9QSv4Cs
Score

10^/10

sality backdoor evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy