sality | a786ffc27c5eebcfdfda43ae78f15f66399bdedc8e805741acfcb1f4ce375a31 | Triage

Submit
Reports

Overview

overview

Static

static

a786ffc27c...31.exe

windows7-x64

a786ffc27c...31.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a786ffc27c5eebcfdfda43ae78f15f66399bdedc8e805741acfcb1f4ce375a31
Size

100KB
Sample

221205-p7fkwsbh77
MD5

3dac640b3cfac64b42d8b72d7d105cd8
SHA1

a95b4a0e7f93bf748f4ecb1f855acb31d4a7613a
SHA256

a786ffc27c5eebcfdfda43ae78f15f66399bdedc8e805741acfcb1f4ce375a31
SHA512

52c1fcdffc7b559fcdbc97d3fee76a02f75900c384ef87b84c2c9c54a9c287f57c52e4bccc32105d6f50cfe5c9302d33c42392b6b8d6cfea395d1a57736cad0e
SSDEEP

3072:nPb1y6q2SK1VqSWzeT4fd9XORUtGsFCoT3V:nPZc2SyV2Mk5Oy7B

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

a786ffc27c5eebcfdfda43ae78f15f66399bdedc8e805741acfcb1f4ce375a31.exe

Resource

win7-20220812-en

sality backdoor evasion trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

a786ffc27c5eebcfdfda43ae78f15f66399bdedc8e805741acfcb1f4ce375a31.exe

Resource

win10v2004-20221111-en

sality backdoor evasion trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  a786ffc27c5eebcfdfda43ae78f15f66399bdedc8e805741acfcb1f4ce375a31
- Size
  
  100KB
- MD5
  
  3dac640b3cfac64b42d8b72d7d105cd8
- SHA1
  
  a95b4a0e7f93bf748f4ecb1f855acb31d4a7613a
- SHA256
  
  a786ffc27c5eebcfdfda43ae78f15f66399bdedc8e805741acfcb1f4ce375a31
- SHA512
  
  52c1fcdffc7b559fcdbc97d3fee76a02f75900c384ef87b84c2c9c54a9c287f57c52e4bccc32105d6f50cfe5c9302d33c42392b6b8d6cfea395d1a57736cad0e
- SSDEEP
  
  3072:nPb1y6q2SK1VqSWzeT4fd9XORUtGsFCoT3V:nPZc2SyV2Mk5Oy7B
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy