sality | 813fc4a0f58f8d3a7d2bedf49c6bfeb581630d4452fb94dbbb3fb8c792ba4dc7 | Triage

Submit
Reports

Overview

overview

Static

static

813fc4a0f5...c7.exe

windows7-x64

813fc4a0f5...c7.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

813fc4a0f58f8d3a7d2bedf49c6bfeb581630d4452fb94dbbb3fb8c792ba4dc7
Size

129KB
Sample

221205-qapmzacc43
MD5

3ebc997486bca1cda946f75e633b4bed
SHA1

742a042100aecac9ccab0eda91b2799429a86c8d
SHA256

813fc4a0f58f8d3a7d2bedf49c6bfeb581630d4452fb94dbbb3fb8c792ba4dc7
SHA512

14629cb55ba78cfb9fd050433c3c407427ca878a737b4fea2147ec260cf9ac332677a8a8154094dc26cba6a5baf4f4a69f8ac7e66a31b3859704ecd2f8bdbc2d
SSDEEP

3072:GA3GUkl88MWluQ/NBB6a1di6GA0KymT66srPI:RWMWlT/NH6gTGAwm26srPI

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

813fc4a0f58f8d3a7d2bedf49c6bfeb581630d4452fb94dbbb3fb8c792ba4dc7.exe

Resource

win7-20221111-en

sality backdoor evasion trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

813fc4a0f58f8d3a7d2bedf49c6bfeb581630d4452fb94dbbb3fb8c792ba4dc7.exe

Resource

win10v2004-20220812-en

sality backdoor evasion trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  813fc4a0f58f8d3a7d2bedf49c6bfeb581630d4452fb94dbbb3fb8c792ba4dc7
- Size
  
  129KB
- MD5
  
  3ebc997486bca1cda946f75e633b4bed
- SHA1
  
  742a042100aecac9ccab0eda91b2799429a86c8d
- SHA256
  
  813fc4a0f58f8d3a7d2bedf49c6bfeb581630d4452fb94dbbb3fb8c792ba4dc7
- SHA512
  
  14629cb55ba78cfb9fd050433c3c407427ca878a737b4fea2147ec260cf9ac332677a8a8154094dc26cba6a5baf4f4a69f8ac7e66a31b3859704ecd2f8bdbc2d
- SSDEEP
  
  3072:GA3GUkl88MWluQ/NBB6a1di6GA0KymT66srPI:RWMWlT/NH6gTGAwm26srPI
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy