sality | 967463a91caf23f8514609d0dc32524cb844f87e37a545fb7bd2794e1c2a84c5 | Triage

Submit
Reports

Overview

overview

Static

static

967463a91c...c5.exe

windows7-x64

967463a91c...c5.exe

windows10-2004-x64

Sharing

General

Target

967463a91caf23f8514609d0dc32524cb844f87e37a545fb7bd2794e1c2a84c5
Size

147KB
Sample

221106-xhl1daacbp
MD5

09fbc899c2df385382f9b8e417e4b290
SHA1

519f812de9a51f2b274727afefe97ce401c0178c
SHA256

967463a91caf23f8514609d0dc32524cb844f87e37a545fb7bd2794e1c2a84c5
SHA512

de8f5e36ba20408c30159f6e4d23226cd74f7b7dedc1669a0cb9a2543d4025412cd8c665ec8ee4cf69e79acdc838e6e77e1857f67818d053c5ba18c52226f4c1
SSDEEP

3072:IjMx0S1WbAyQE4Z2Ozi0pFh1HtMlRlZkXQTmUzB1Nz/SD:mALzE4Z2Oz7jKSoBnNzc

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

967463a91caf23f8514609d0dc32524cb844f87e37a545fb7bd2794e1c2a84c5.exe

Resource

win7-20220812-en

sality backdoor evasion trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

967463a91caf23f8514609d0dc32524cb844f87e37a545fb7bd2794e1c2a84c5.exe

Resource

win10v2004-20220812-en

sality backdoor evasion trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  967463a91caf23f8514609d0dc32524cb844f87e37a545fb7bd2794e1c2a84c5
- Size
  
  147KB
- MD5
  
  09fbc899c2df385382f9b8e417e4b290
- SHA1
  
  519f812de9a51f2b274727afefe97ce401c0178c
- SHA256
  
  967463a91caf23f8514609d0dc32524cb844f87e37a545fb7bd2794e1c2a84c5
- SHA512
  
  de8f5e36ba20408c30159f6e4d23226cd74f7b7dedc1669a0cb9a2543d4025412cd8c665ec8ee4cf69e79acdc838e6e77e1857f67818d053c5ba18c52226f4c1
- SSDEEP
  
  3072:IjMx0S1WbAyQE4Z2Ozi0pFh1HtMlRlZkXQTmUzB1Nz/SD:mALzE4Z2Oz7jKSoBnNzc
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy