sality | 3aded6a1f253824b99b71152336b856e43b51e46988451a8bf452ce63189957f | Triage

Submit
Reports

Overview

overview

Static

static

3aded6a1f2...7f.exe

windows7-x64

3aded6a1f2...7f.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

3aded6a1f253824b99b71152336b856e43b51e46988451a8bf452ce63189957f
Size

443KB
Sample

221106-xtq4gaager
MD5

0e68d375ab141e88417c0f3198e02d30
SHA1

cbaa38ea4867f62907713684dd6a8c503efc7d24
SHA256

3aded6a1f253824b99b71152336b856e43b51e46988451a8bf452ce63189957f
SHA512

53f7780899d8e1cd488560eba786da8d90af49e89021349df9ee5bf416458d49a609125fff3bf425040a9892e0ad5c90887336776f44f7c7c47f8ea7b91d0d63
SSDEEP

6144:FWWcGK4EDyGaLquWIVAJvRmiaPd+avl+LwedO0BrTNMlmSo4aA3dw:FWvy2gq7vFDwe00BrQllaA3dw

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

3aded6a1f253824b99b71152336b856e43b51e46988451a8bf452ce63189957f.exe

Resource

win7-20220812-en

sality backdoor evasion trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

3aded6a1f253824b99b71152336b856e43b51e46988451a8bf452ce63189957f.exe

Resource

win10v2004-20220812-en

sality backdoor evasion trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  3aded6a1f253824b99b71152336b856e43b51e46988451a8bf452ce63189957f
- Size
  
  443KB
- MD5
  
  0e68d375ab141e88417c0f3198e02d30
- SHA1
  
  cbaa38ea4867f62907713684dd6a8c503efc7d24
- SHA256
  
  3aded6a1f253824b99b71152336b856e43b51e46988451a8bf452ce63189957f
- SHA512
  
  53f7780899d8e1cd488560eba786da8d90af49e89021349df9ee5bf416458d49a609125fff3bf425040a9892e0ad5c90887336776f44f7c7c47f8ea7b91d0d63
- SSDEEP
  
  6144:FWWcGK4EDyGaLquWIVAJvRmiaPd+avl+LwedO0BrTNMlmSo4aA3dw:FWvy2gq7vFDwe00BrQllaA3dw
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy