sality | e523ed36119ca4270433f82b18f24557ce3d8eb8206a3ad42cd3e579d285666b | Triage

Submit
Reports

Overview

overview

Static

static

e523ed3611...6b.exe

windows7-x64

e523ed3611...6b.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

e523ed36119ca4270433f82b18f24557ce3d8eb8206a3ad42cd3e579d285666b
Size

648KB
Sample

221204-bn4xgshf6s
MD5

244f23178281be5ceacdf9e24dbfb0d0
SHA1

76f353dcf9cfbc4db5a5671c4ccb272cdf7a187f
SHA256

e523ed36119ca4270433f82b18f24557ce3d8eb8206a3ad42cd3e579d285666b
SHA512

4b65d097f4599895e3b1f586f634ab5eaa2bf5f908f11efd75785034b00b3c29b242a0410866b8bcdb3314c8aa4adbc37f4f319d71b23636f0a07e416fbb0b39
SSDEEP

12288:xdOpNX1hPVCyplLspwPUQgSKM8mGqL2Hr7:POpNtCO1rHGA2H

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

e523ed36119ca4270433f82b18f24557ce3d8eb8206a3ad42cd3e579d285666b.exe

Resource

win7-20221111-en

sality backdoor evasion trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

e523ed36119ca4270433f82b18f24557ce3d8eb8206a3ad42cd3e579d285666b.exe

Resource

win10v2004-20221111-en

sality backdoor evasion trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  e523ed36119ca4270433f82b18f24557ce3d8eb8206a3ad42cd3e579d285666b
- Size
  
  648KB
- MD5
  
  244f23178281be5ceacdf9e24dbfb0d0
- SHA1
  
  76f353dcf9cfbc4db5a5671c4ccb272cdf7a187f
- SHA256
  
  e523ed36119ca4270433f82b18f24557ce3d8eb8206a3ad42cd3e579d285666b
- SHA512
  
  4b65d097f4599895e3b1f586f634ab5eaa2bf5f908f11efd75785034b00b3c29b242a0410866b8bcdb3314c8aa4adbc37f4f319d71b23636f0a07e416fbb0b39
- SSDEEP
  
  12288:xdOpNX1hPVCyplLspwPUQgSKM8mGqL2Hr7:POpNtCO1rHGA2H
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy