sality | d8eba7fb40cdadb3437d2a7d9ecf158245d59287b5b9c36dfea52e61dba459d8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

d8eba7fb40...d8.dll

windows7-x64

d8eba7fb40...d8.dll

windows10-2004-x64

Sharing

General

Target

d8eba7fb40cdadb3437d2a7d9ecf158245d59287b5b9c36dfea52e61dba459d8
Size

120KB
Sample

221019-vqf3zshbc7
MD5

831f41b899e260f0358af779744d6803
SHA1

20bb9e69850233974c706ec3308db88ef4480f8d
SHA256

d8eba7fb40cdadb3437d2a7d9ecf158245d59287b5b9c36dfea52e61dba459d8
SHA512

16b6197ff94179708a1f3b46419bd0778d85a2e075d8340e9feea722407cd003f89158821a431afb1cdda59e4e133f847a44579215a3a6488e1d3db95489de43
SSDEEP

3072:bZf1HFqSHmltvl81KiE8SCX1Ck4+1YCWtW9:bZFHHEXiE8hFCkR2H

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

d8eba7fb40cdadb3437d2a7d9ecf158245d59287b5b9c36dfea52e61dba459d8.dll

Resource

win7-20220812-en

sality backdoor evasion trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

d8eba7fb40cdadb3437d2a7d9ecf158245d59287b5b9c36dfea52e61dba459d8.dll

Resource

win10v2004-20220901-en

sality backdoor evasion trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  d8eba7fb40cdadb3437d2a7d9ecf158245d59287b5b9c36dfea52e61dba459d8
- Size
  
  120KB
- MD5
  
  831f41b899e260f0358af779744d6803
- SHA1
  
  20bb9e69850233974c706ec3308db88ef4480f8d
- SHA256
  
  d8eba7fb40cdadb3437d2a7d9ecf158245d59287b5b9c36dfea52e61dba459d8
- SHA512
  
  16b6197ff94179708a1f3b46419bd0778d85a2e075d8340e9feea722407cd003f89158821a431afb1cdda59e4e133f847a44579215a3a6488e1d3db95489de43
- SSDEEP
  
  3072:bZf1HFqSHmltvl81KiE8SCX1Ck4+1YCWtW9:bZFHHEXiE8hFCkR2H
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy