sality | 6bf17191d96535188880eefec919d6e8f27cebe1b539e36f0409c52f1b7f911f | Triage

Submit
Reports

Overview

overview

Static

static

6bf17191d9...1f.exe

windows7-x64

6bf17191d9...1f.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

6bf17191d96535188880eefec919d6e8f27cebe1b539e36f0409c52f1b7f911f
Size

234KB
Sample

221127-x6ydbagf4t
MD5

1039139a5f39c44da4492cd0a1a1797d
SHA1

7acbb38e9952feac772954547465b35d0fd57814
SHA256

6bf17191d96535188880eefec919d6e8f27cebe1b539e36f0409c52f1b7f911f
SHA512

7cf638da7005551a4cb98f27959373b01bba22678db0ade47bc501c6336e4e81e4f3ccdb0abff706a4d765fda92fe9a80c76066f34c282a32ecc1262be2737a2
SSDEEP

6144:rebSzr0gNIxQBIPs6DrEZ+sWItMT8S+jKcnq:aU/axaUHpsWRTx+3q

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

6bf17191d96535188880eefec919d6e8f27cebe1b539e36f0409c52f1b7f911f.exe

Resource

win7-20220901-en

sality backdoor evasion trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

6bf17191d96535188880eefec919d6e8f27cebe1b539e36f0409c52f1b7f911f.exe

Resource

win10v2004-20220901-en

sality backdoor evasion trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  6bf17191d96535188880eefec919d6e8f27cebe1b539e36f0409c52f1b7f911f
- Size
  
  234KB
- MD5
  
  1039139a5f39c44da4492cd0a1a1797d
- SHA1
  
  7acbb38e9952feac772954547465b35d0fd57814
- SHA256
  
  6bf17191d96535188880eefec919d6e8f27cebe1b539e36f0409c52f1b7f911f
- SHA512
  
  7cf638da7005551a4cb98f27959373b01bba22678db0ade47bc501c6336e4e81e4f3ccdb0abff706a4d765fda92fe9a80c76066f34c282a32ecc1262be2737a2
- SSDEEP
  
  6144:rebSzr0gNIxQBIPs6DrEZ+sWItMT8S+jKcnq:aU/axaUHpsWRTx+3q
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy