sality | d119f997b951705282360c8614f6a7590b0aae5c5f9c609cea0da57063739f34 | Triage

Submit
Reports

Overview

overview

Static

static

3

d119f997b9...34.dll

windows7-x64

d119f997b9...34.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

d119f997b951705282360c8614f6a7590b0aae5c5f9c609cea0da57063739f34
Size

120KB
Sample

240505-e8t5kaad45
MD5

0a577525c14e2344c04a2011c5b7431a
SHA1

89ba95e736fd6498f548ab42d2990a1da305149f
SHA256

d119f997b951705282360c8614f6a7590b0aae5c5f9c609cea0da57063739f34
SHA512

5b432daab039e74489e1ed9baadecda3d923073cc37c3e1d2f797c5396e87a60f0513541235cc0cbbeefe1f7b276a57baa2ae262998d738a386d856f7767b774
SSDEEP

3072:zUVmTnO6zF5oX04ITDW/2ERbMqBcKzvRmJ:nO6xOKW/2ENjBxJmJ

Score

10^/10

sality backdoor evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d119f997b951705282360c8614f6a7590b0aae5c5f9c609cea0da57063739f34.dll

Resource

win7-20240221-en

sality backdoor evasion trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

d119f997b951705282360c8614f6a7590b0aae5c5f9c609cea0da57063739f34.dll

Resource

win10v2004-20240419-en

sality backdoor evasion trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  d119f997b951705282360c8614f6a7590b0aae5c5f9c609cea0da57063739f34
- Size
  
  120KB
- MD5
  
  0a577525c14e2344c04a2011c5b7431a
- SHA1
  
  89ba95e736fd6498f548ab42d2990a1da305149f
- SHA256
  
  d119f997b951705282360c8614f6a7590b0aae5c5f9c609cea0da57063739f34
- SHA512
  
  5b432daab039e74489e1ed9baadecda3d923073cc37c3e1d2f797c5396e87a60f0513541235cc0cbbeefe1f7b276a57baa2ae262998d738a386d856f7767b774
- SSDEEP
  
  3072:zUVmTnO6zF5oX04ITDW/2ERbMqBcKzvRmJ:nO6xOKW/2ENjBxJmJ
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorevasiontrojanupx

behavioral2

salitybackdoorevasiontrojanupx

© 2018-2025

Terms | Privacy