sality | 9637dcf857092875994dc2da107ddd0e158e72e922bb5262216fd6c22a407b8d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

9637dcf857...8d.exe

windows7-x64

3

9637dcf857...8d.exe

windows10-2004-x64

Sharing

General

Target

9637dcf857092875994dc2da107ddd0e158e72e922bb5262216fd6c22a407b8d
Size

132KB
Sample

221203-vlt42sdc2y
MD5

3fa74391e59e563522afa45eac69d7f4
SHA1

17dfdba9c934267e7b0b181f607d88bcc5ad83f2
SHA256

9637dcf857092875994dc2da107ddd0e158e72e922bb5262216fd6c22a407b8d
SHA512

bc4bf211060e508c9b4ae9adb0d5ecf857d2743a2353dae1ef87aeffa4136ba3ed62d1aec348ab9d07a3225927738cfc4abc3315b0cd67710804dfd57be30746
SSDEEP

3072:8bRAo1gvjNBHzi7TV+3/2HnzR+lvqDGN/4e40XCeALawg:81ojHW7o2QlvqaNZvb0w

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

9637dcf857092875994dc2da107ddd0e158e72e922bb5262216fd6c22a407b8d.exe

Resource

win7-20221111-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

9637dcf857092875994dc2da107ddd0e158e72e922bb5262216fd6c22a407b8d.exe

Resource

win10v2004-20220812-en

sality backdoor evasion trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  9637dcf857092875994dc2da107ddd0e158e72e922bb5262216fd6c22a407b8d
- Size
  
  132KB
- MD5
  
  3fa74391e59e563522afa45eac69d7f4
- SHA1
  
  17dfdba9c934267e7b0b181f607d88bcc5ad83f2
- SHA256
  
  9637dcf857092875994dc2da107ddd0e158e72e922bb5262216fd6c22a407b8d
- SHA512
  
  bc4bf211060e508c9b4ae9adb0d5ecf857d2743a2353dae1ef87aeffa4136ba3ed62d1aec348ab9d07a3225927738cfc4abc3315b0cd67710804dfd57be30746
- SSDEEP
  
  3072:8bRAo1gvjNBHzi7TV+3/2HnzR+lvqDGN/4e40XCeALawg:81ojHW7o2QlvqaNZvb0w
Score

10^/10

sality backdoor evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy