sality | f00a47b0af035d3f6f3afbe4ec6a03d9d041207ba2b478e4210c3e41b52f56ee | Triage

Submit
Reports

Overview

overview

Static

static

f00a47b0af...ee.exe

windows7-x64

f00a47b0af...ee.exe

windows10-2004-x64

Sharing

General

Target

f00a47b0af035d3f6f3afbe4ec6a03d9d041207ba2b478e4210c3e41b52f56ee
Size

196KB
Sample

221030-b2lytsgchk
MD5

a264b832bcf32228ab18a531217a1200
SHA1

ba9ad5ef8c6f66e443063f8662413198f1ca5d43
SHA256

f00a47b0af035d3f6f3afbe4ec6a03d9d041207ba2b478e4210c3e41b52f56ee
SHA512

6dace4992b1b1ae232daaefe199c4a435de5291f32c9b5dbbd0aadddb814edbcd73e8a076b7b2cde5b7cdb6b9f0b7e0cd9b29e129dee0c57f11db1f00ffb9830
SSDEEP

3072:psIRVMAuwsNMRQ3cqQgwtVU2+z+2lW5OVt4xzM6MCg1RCtynSeA4QpwRCdSR:7IAPs/mUs2ltVCJMj1RCtyhxQ2RC4

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

f00a47b0af035d3f6f3afbe4ec6a03d9d041207ba2b478e4210c3e41b52f56ee.exe

Resource

win7-20220812-en

sality backdoor evasion trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

f00a47b0af035d3f6f3afbe4ec6a03d9d041207ba2b478e4210c3e41b52f56ee.exe

Resource

win10v2004-20220812-en

sality backdoor evasion trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  f00a47b0af035d3f6f3afbe4ec6a03d9d041207ba2b478e4210c3e41b52f56ee
- Size
  
  196KB
- MD5
  
  a264b832bcf32228ab18a531217a1200
- SHA1
  
  ba9ad5ef8c6f66e443063f8662413198f1ca5d43
- SHA256
  
  f00a47b0af035d3f6f3afbe4ec6a03d9d041207ba2b478e4210c3e41b52f56ee
- SHA512
  
  6dace4992b1b1ae232daaefe199c4a435de5291f32c9b5dbbd0aadddb814edbcd73e8a076b7b2cde5b7cdb6b9f0b7e0cd9b29e129dee0c57f11db1f00ffb9830
- SSDEEP
  
  3072:psIRVMAuwsNMRQ3cqQgwtVU2+z+2lW5OVt4xzM6MCg1RCtynSeA4QpwRCdSR:7IAPs/mUs2ltVCJMj1RCtyhxQ2RC4
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy