sality | b6054c17ab42bb979459e1e0c59402de0c741b4f8356708f1da59aa51df7fe57 | Triage

Submit
Reports

Overview

overview

Static

static

b6054c17ab...57.exe

windows7-x64

3

b6054c17ab...57.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

b6054c17ab42bb979459e1e0c59402de0c741b4f8356708f1da59aa51df7fe57
Size

677KB
Sample

221205-n45j6sbh7z
MD5

d76f879d4297e83d3c5728470e260d7a
SHA1

b212494b33bf993769ff0c32a47caa706ae6285d
SHA256

b6054c17ab42bb979459e1e0c59402de0c741b4f8356708f1da59aa51df7fe57
SHA512

6141f651bc32bb342f2b05e4ecad310f975297b0911adf069d802cb09a11a184ee850e210efa6964f421929c797e5eb8aa1115cbd4c5cede6205ec65f0127867
SSDEEP

12288:23TdtLW5WIj1YSSdFxDBSXYMzBUWb9lx/9AgHLo8OW+rBQeh8RVG:gDsj1dEzBc/9nPx/igrp+18RE

Score

10^/10

sality backdoor evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b6054c17ab42bb979459e1e0c59402de0c741b4f8356708f1da59aa51df7fe57.exe

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

b6054c17ab42bb979459e1e0c59402de0c741b4f8356708f1da59aa51df7fe57.exe

Resource

win10v2004-20220812-en

sality backdoor evasion persistence trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  b6054c17ab42bb979459e1e0c59402de0c741b4f8356708f1da59aa51df7fe57
- Size
  
  677KB
- MD5
  
  d76f879d4297e83d3c5728470e260d7a
- SHA1
  
  b212494b33bf993769ff0c32a47caa706ae6285d
- SHA256
  
  b6054c17ab42bb979459e1e0c59402de0c741b4f8356708f1da59aa51df7fe57
- SHA512
  
  6141f651bc32bb342f2b05e4ecad310f975297b0911adf069d802cb09a11a184ee850e210efa6964f421929c797e5eb8aa1115cbd4c5cede6205ec65f0127867
- SSDEEP
  
  12288:23TdtLW5WIj1YSSdFxDBSXYMzBUWb9lx/9AgHLo8OW+rBQeh8RVG:gDsj1dEzBc/9nPx/igrp+18RE
Score

10^/10

sality backdoor evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoorevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy