sality | 167296f596acfc3636c93f975b5abb3395c5f5e760bc29d2535527642f4d40fa | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

167296f596...fa.exe

windows7-x64

167296f596...fa.exe

windows10-2004-x64

Sharing

General

Target

167296f596acfc3636c93f975b5abb3395c5f5e760bc29d2535527642f4d40fa
Size

151KB
Sample

221011-14g54agfh9
MD5

67e09eeb484866593e098c5423c8d549
SHA1

68477cbbbf1017a453dc670d4d107faf94476b62
SHA256

167296f596acfc3636c93f975b5abb3395c5f5e760bc29d2535527642f4d40fa
SHA512

80fa1ebf96f44bee7db557790377d88e053cb3c11e6e3444784d2374082b1473cb50acddb561cdcfc019cc320fb181540ffa5fc05d7ad23a1f806ffaf87b0635
SSDEEP

3072:6zII+9KM6idY1zwLv4IW+KZA1wX4WWHllmLZmn7EXd7vkN:El1zjksNUlmL2EXdzO

Score

10^/10

sality backdoor evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

167296f596acfc3636c93f975b5abb3395c5f5e760bc29d2535527642f4d40fa.exe

Resource

win7-20220812-en

sality backdoor evasion persistence trojan upx

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

167296f596acfc3636c93f975b5abb3395c5f5e760bc29d2535527642f4d40fa.exe

Resource

win10v2004-20220812-en

sality backdoor evasion persistence trojan upx

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  167296f596acfc3636c93f975b5abb3395c5f5e760bc29d2535527642f4d40fa
- Size
  
  151KB
- MD5
  
  67e09eeb484866593e098c5423c8d549
- SHA1
  
  68477cbbbf1017a453dc670d4d107faf94476b62
- SHA256
  
  167296f596acfc3636c93f975b5abb3395c5f5e760bc29d2535527642f4d40fa
- SHA512
  
  80fa1ebf96f44bee7db557790377d88e053cb3c11e6e3444784d2374082b1473cb50acddb561cdcfc019cc320fb181540ffa5fc05d7ad23a1f806ffaf87b0635
- SSDEEP
  
  3072:6zII+9KM6idY1zwLv4IW+KZA1wX4WWHllmLZmn7EXd7vkN:El1zjksNUlmL2EXdzO
Score

10^/10

sality backdoor evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasionpersistencetrojanupx

behavioral2

salitybackdoorevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy