sality | 602bf618e9d31d99031944b2af409062df46f2e7cb7a409c7d15f0fbebc95cc0 | Triage

Submit
Reports

Overview

overview

Static

static

602bf618e9...c0.exe

windows7-x64

602bf618e9...c0.exe

windows10-2004-x64

Sharing

General

Target

602bf618e9d31d99031944b2af409062df46f2e7cb7a409c7d15f0fbebc95cc0
Size

1012KB
Sample

221019-se64xsdcek
MD5

90afabb304c0a32348598bf6ea2c3eff
SHA1

9135f3e8e5410522f024d636fd61d1f0033f0df4
SHA256

602bf618e9d31d99031944b2af409062df46f2e7cb7a409c7d15f0fbebc95cc0
SHA512

2d7866132511f94d1b0b6944b065e62c03230761958ea70106000298962468a19ab91c76d9137941ce462e353c8c529a97d1bcd47b36467c505c9f5ddce85fc6
SSDEEP

12288:RgdLZ77GT7GmYRpuEcutuFY1hGoksq6iTZaAZaWZSZvd9ZEAPRzaO2J5KLY9QRso:RgLGTpo9qlBAP66ZDGUoFKiYBE2

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

602bf618e9d31d99031944b2af409062df46f2e7cb7a409c7d15f0fbebc95cc0.exe

Resource

win7-20220812-en

sality backdoor evasion trojan upx

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

602bf618e9d31d99031944b2af409062df46f2e7cb7a409c7d15f0fbebc95cc0.exe

Resource

win10v2004-20220812-en

sality backdoor evasion trojan upx

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

- Target
  
  602bf618e9d31d99031944b2af409062df46f2e7cb7a409c7d15f0fbebc95cc0
- Size
  
  1012KB
- MD5
  
  90afabb304c0a32348598bf6ea2c3eff
- SHA1
  
  9135f3e8e5410522f024d636fd61d1f0033f0df4
- SHA256
  
  602bf618e9d31d99031944b2af409062df46f2e7cb7a409c7d15f0fbebc95cc0
- SHA512
  
  2d7866132511f94d1b0b6944b065e62c03230761958ea70106000298962468a19ab91c76d9137941ce462e353c8c529a97d1bcd47b36467c505c9f5ddce85fc6
- SSDEEP
  
  12288:RgdLZ77GT7GmYRpuEcutuFY1hGoksq6iTZaAZaWZSZvd9ZEAPRzaO2J5KLY9QRso:RgLGTpo9qlBAP66ZDGUoFKiYBE2
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy