sality | 7373e863b10397c6cd7bcd73203a7e1cf670764999fd613ad6c913d3ba4be367 | Triage

Submit
Reports

Overview

overview

Static

static

7373e863b1...67.exe

windows7-x64

6

7373e863b1...67.exe

windows10-2004-x64

Sharing

General

Target

7373e863b10397c6cd7bcd73203a7e1cf670764999fd613ad6c913d3ba4be367
Size

390KB
Sample

221004-fnls5adbfj
MD5

375355f279bd0153e600bc2ea402e5d2
SHA1

b9594c2210bc3e5eb74159c00d70afe8efe0397a
SHA256

7373e863b10397c6cd7bcd73203a7e1cf670764999fd613ad6c913d3ba4be367
SHA512

9ad64b5a92315daa74f208242f3a575c816211a77c23e1c6782d4497d2c116c5eb01795627d7e0a4f4c964627c040d7c5fc1ed00197da2e46c6f383e1069d0e9
SSDEEP

6144:82mBQ3nQvtoFxpNsTrZ0+T2iGiIMXOrWnuopmp4TyQOI5JgpcvqNplcOtYl:82mBQgqxpNsBffbzXU9GT0Iw5pBte

Score

10^/10

sality backdoor bootkit evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

7373e863b10397c6cd7bcd73203a7e1cf670764999fd613ad6c913d3ba4be367.exe

Resource

win7-20220901-en

bootkit persistence

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

7373e863b10397c6cd7bcd73203a7e1cf670764999fd613ad6c913d3ba4be367.exe

Resource

win10v2004-20220812-en

sality backdoor evasion trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  7373e863b10397c6cd7bcd73203a7e1cf670764999fd613ad6c913d3ba4be367
- Size
  
  390KB
- MD5
  
  375355f279bd0153e600bc2ea402e5d2
- SHA1
  
  b9594c2210bc3e5eb74159c00d70afe8efe0397a
- SHA256
  
  7373e863b10397c6cd7bcd73203a7e1cf670764999fd613ad6c913d3ba4be367
- SHA512
  
  9ad64b5a92315daa74f208242f3a575c816211a77c23e1c6782d4497d2c116c5eb01795627d7e0a4f4c964627c040d7c5fc1ed00197da2e46c6f383e1069d0e9
- SSDEEP
  
  6144:82mBQ3nQvtoFxpNsTrZ0+T2iGiIMXOrWnuopmp4TyQOI5JgpcvqNplcOtYl:82mBQgqxpNsBffbzXU9GT0Iw5pBte
Score

10^/10

bootkit persistence sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy