sality | 0b87fb9be9cc8adedbd6d747cf7fe25ff324659cb006f05d9716218d98c7adc9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

补丁校�...��.exe

windows7-x64

补丁校�...��.exe

windows10-2004-x64

Sharing

General

Target

补丁校验包制作工具.exe
Size

140KB
Sample

230614-h7cexaed5w
MD5

ab77792d3b90f5f2c298d4e42a9a09ec
SHA1

3e51a53026c60e4d32acab488a8f25df558297e7
SHA256

0b87fb9be9cc8adedbd6d747cf7fe25ff324659cb006f05d9716218d98c7adc9
SHA512

f53c74bac8d67a8b7eeb1364ed3707e2588af619592e4b2eaca65e7e9bdb15e4ce3687654e114a88bc448fadeff5ccbc6cc53076a0c6806104835eca3b5975b4
SSDEEP

3072:XPu20auEel8JNfp0IVoBArO8LRfLYSvVhrTJOU:XO/cKAdfL7vVhnR

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

补丁校验包制作工具.exe

Resource

win7-20230220-en

sality backdoor evasion trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

补丁校验包制作工具.exe

Resource

win10v2004-20230220-en

sality backdoor evasion trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  补丁校验包制作工具.exe
- Size
  
  140KB
- MD5
  
  ab77792d3b90f5f2c298d4e42a9a09ec
- SHA1
  
  3e51a53026c60e4d32acab488a8f25df558297e7
- SHA256
  
  0b87fb9be9cc8adedbd6d747cf7fe25ff324659cb006f05d9716218d98c7adc9
- SHA512
  
  f53c74bac8d67a8b7eeb1364ed3707e2588af619592e4b2eaca65e7e9bdb15e4ce3687654e114a88bc448fadeff5ccbc6cc53076a0c6806104835eca3b5975b4
- SSDEEP
  
  3072:XPu20auEel8JNfp0IVoBArO8LRfLYSvVhrTJOU:XO/cKAdfL7vVhnR
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy