sality | 06d776c3f4d4c36bacc0f7574fdb1b0a12b7cd54ecfe90f935ac474aeff21991 | Triage

Submit
Reports

Overview

overview

Static

static

06d776c3f4...91.exe

windows7-x64

06d776c3f4...91.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

06d776c3f4d4c36bacc0f7574fdb1b0a12b7cd54ecfe90f935ac474aeff21991
Size

215KB
Sample

221107-vgn28sbahk
MD5

0f09a32d3373bbd28a64588cc3d437f8
SHA1

f0b2f8b615e52ea77347025c7a92bf5404a698d9
SHA256

06d776c3f4d4c36bacc0f7574fdb1b0a12b7cd54ecfe90f935ac474aeff21991
SHA512

e83a4437d6eab3b7b125e721655bf2a48da9fcca97fd393324c7eec4927475aec75b9f7b50cccc57e20dc975befca5d6b189fc5b2811b67227586850b8b7ffeb
SSDEEP

6144:68hIlt0vA7LGgc18jkpnpnn6s008Y8WDHNFB:68hIlt0Y7jc18Appn38Y8WDtr

Score

10^/10

sality backdoor evasion spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

06d776c3f4d4c36bacc0f7574fdb1b0a12b7cd54ecfe90f935ac474aeff21991.exe

Resource

win7-20220812-en

sality backdoor evasion spyware stealer trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

06d776c3f4d4c36bacc0f7574fdb1b0a12b7cd54ecfe90f935ac474aeff21991.exe

Resource

win10v2004-20220812-en

sality backdoor evasion spyware stealer trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  06d776c3f4d4c36bacc0f7574fdb1b0a12b7cd54ecfe90f935ac474aeff21991
- Size
  
  215KB
- MD5
  
  0f09a32d3373bbd28a64588cc3d437f8
- SHA1
  
  f0b2f8b615e52ea77347025c7a92bf5404a698d9
- SHA256
  
  06d776c3f4d4c36bacc0f7574fdb1b0a12b7cd54ecfe90f935ac474aeff21991
- SHA512
  
  e83a4437d6eab3b7b125e721655bf2a48da9fcca97fd393324c7eec4927475aec75b9f7b50cccc57e20dc975befca5d6b189fc5b2811b67227586850b8b7ffeb
- SSDEEP
  
  6144:68hIlt0vA7LGgc18jkpnpnn6s008Y8WDHNFB:68hIlt0Y7jc18Appn38Y8WDtr
Score

10^/10

sality backdoor evasion spyware stealer trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasionspywarestealertrojanupx

behavioral2

salitybackdoorevasionspywarestealertrojanupx

© 2018-2025

Terms | Privacy