sality | 38cd5625a947de772cd84546e8fdb743d85d7ce7523ec30fbc5ecb8d7471703c | Triage

Submit
Reports

Overview

overview

Static

static

3

38cd5625a9...3c.exe

windows7-x64

38cd5625a9...3c.exe

windows10-2004-x64

Resubmissions

29-11-2024 09:09

241129-k4q51axkaz 10

31-12-2023 09:44

231231-lqqsraeacp 10

Sharing

General

Target

38cd5625a947de772cd84546e8fdb743d85d7ce7523ec30fbc5ecb8d7471703c
Size

3.4MB
Sample

231231-lqqsraeacp
MD5

841907da61afc25c6c092c7fa2113201
SHA1

54f20ee5fc2a720d6a5c4d9cdd3efbf481a7a7ae
SHA256

38cd5625a947de772cd84546e8fdb743d85d7ce7523ec30fbc5ecb8d7471703c
SHA512

707cef7515033719a1f7a072feafb7072362419b01596f4521ace31f50aa36aa0f8a91a271f3518cb69762a6318f902bcc379641779454b60f9b877df34751cd
SSDEEP

49152:XsbUHw+HnsHyjtk2MYC5GDQICvNYGtOGjM8QvL4OkEqtFry3Vo5Sn7+:cbUHw+Hnsmtk2a9xYL49Eqtk3K5q7+

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

38cd5625a947de772cd84546e8fdb743d85d7ce7523ec30fbc5ecb8d7471703c.exe

Resource

win7-20231215-en

sality backdoor evasion trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

38cd5625a947de772cd84546e8fdb743d85d7ce7523ec30fbc5ecb8d7471703c.exe

Resource

win10v2004-20231215-en

sality backdoor evasion trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  38cd5625a947de772cd84546e8fdb743d85d7ce7523ec30fbc5ecb8d7471703c
- Size
  
  3.4MB
- MD5
  
  841907da61afc25c6c092c7fa2113201
- SHA1
  
  54f20ee5fc2a720d6a5c4d9cdd3efbf481a7a7ae
- SHA256
  
  38cd5625a947de772cd84546e8fdb743d85d7ce7523ec30fbc5ecb8d7471703c
- SHA512
  
  707cef7515033719a1f7a072feafb7072362419b01596f4521ace31f50aa36aa0f8a91a271f3518cb69762a6318f902bcc379641779454b60f9b877df34751cd
- SSDEEP
  
  49152:XsbUHw+HnsHyjtk2MYC5GDQICvNYGtOGjM8QvL4OkEqtFry3Vo5Sn7+:cbUHw+Hnsmtk2a9xYL49Eqtk3K5q7+
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy