sality | 8b7ff15afd5387dd67472183ee3565e76e82d62d86112e41a0938ea713744541 | Triage

Submit
Reports

Overview

overview

Static

static

3

8b7ff15afd...41.exe

windows7-x64

8b7ff15afd...41.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

8b7ff15afd5387dd67472183ee3565e76e82d62d86112e41a0938ea713744541
Size

349KB
Sample

231123-rgt2psab83
MD5

af8b4c6d2670ca5c39a4bd04e4dae047
SHA1

72b252cd5fdb7e6bcae1dca102ee9c567d7ac89a
SHA256

8b7ff15afd5387dd67472183ee3565e76e82d62d86112e41a0938ea713744541
SHA512

58860b69d048c5439f5d06bf645b6111d4d1d748f392eff992e0d817f81f1d7025f3bfe11b2ee9463178a6d8771644573d852e9a61121e00ed25ff17c3f7d5f4
SSDEEP

6144:MAagfkTC3dM7B+mC4CVcZAfVxbJOqVBV+UdvrEFp7hKRft:MAagfky6B+mC3jJLBjvrEH7sft

Score

10^/10

sality backdoor persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8b7ff15afd5387dd67472183ee3565e76e82d62d86112e41a0938ea713744541.exe

Resource

win7-20231025-en

sality backdoor persistence upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

8b7ff15afd5387dd67472183ee3565e76e82d62d86112e41a0938ea713744541.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  8b7ff15afd5387dd67472183ee3565e76e82d62d86112e41a0938ea713744541
- Size
  
  349KB
- MD5
  
  af8b4c6d2670ca5c39a4bd04e4dae047
- SHA1
  
  72b252cd5fdb7e6bcae1dca102ee9c567d7ac89a
- SHA256
  
  8b7ff15afd5387dd67472183ee3565e76e82d62d86112e41a0938ea713744541
- SHA512
  
  58860b69d048c5439f5d06bf645b6111d4d1d748f392eff992e0d817f81f1d7025f3bfe11b2ee9463178a6d8771644573d852e9a61121e00ed25ff17c3f7d5f4
- SSDEEP
  
  6144:MAagfkTC3dM7B+mC4CVcZAfVxbJOqVBV+UdvrEFp7hKRft:MAagfky6B+mC3jJLBjvrEH7sft
Score

10^/10

sality backdoor persistence upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Modifies AppInit DLL entries
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorpersistenceupx

behavioral2

© 2018-2025

Terms | Privacy