sality | 778fe733d63bf194fd03d0cf766a0e96bba3a1410db0a5a981bf054b09103555 | Triage

Submit
Reports

Overview

overview

Static

static

3

a0d81f2f49...18.exe

windows7-x64

a0d81f2f49...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a0d81f2f49a1b8afd0dacb90a3875cf7_JaffaCakes118
Size

108KB
Sample

240817-cq4vyavelk
MD5

a0d81f2f49a1b8afd0dacb90a3875cf7
SHA1

888f3e32159eb5a6ed68205d0c76741bd9f51f38
SHA256

778fe733d63bf194fd03d0cf766a0e96bba3a1410db0a5a981bf054b09103555
SHA512

3f3480855b1cb2a1ea0667f2d69f1f98b83e32909bbde2605b0f37210c5e9f89da04d0092d6823ea270dedb384bbd1f383d64e7d6249e5a5e6dd5503b18d1c8e
SSDEEP

1536:/6FkJO8Pwr65+gwXa9tPmLEZ37OuLZupywpdpKt2GNXWGBZ7/l+IKX:yAs65+vqM270yGOAGRBH9oX

Score

10^/10

sality backdoor discovery evasion persistence spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a0d81f2f49a1b8afd0dacb90a3875cf7_JaffaCakes118.exe

Resource

win7-20240704-en

sality backdoor discovery evasion persistence spyware stealer trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

a0d81f2f49a1b8afd0dacb90a3875cf7_JaffaCakes118.exe

Resource

win10v2004-20240802-en

sality backdoor discovery evasion persistence spyware stealer trojan upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

- Target
  
  a0d81f2f49a1b8afd0dacb90a3875cf7_JaffaCakes118
- Size
  
  108KB
- MD5
  
  a0d81f2f49a1b8afd0dacb90a3875cf7
- SHA1
  
  888f3e32159eb5a6ed68205d0c76741bd9f51f38
- SHA256
  
  778fe733d63bf194fd03d0cf766a0e96bba3a1410db0a5a981bf054b09103555
- SHA512
  
  3f3480855b1cb2a1ea0667f2d69f1f98b83e32909bbde2605b0f37210c5e9f89da04d0092d6823ea270dedb384bbd1f383d64e7d6249e5a5e6dd5503b18d1c8e
- SSDEEP
  
  1536:/6FkJO8Pwr65+gwXa9tPmLEZ37OuLZupywpdpKt2GNXWGBZ7/l+IKX:yAs65+vqM270yGOAGRBH9oX
Score

10^/10

sality backdoor discovery evasion persistence spyware stealer trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasionpersistencespywarestealertrojanupx

behavioral2

salitybackdoordiscoveryevasionpersistencespywarestealertrojanupx

© 2018-2025

Terms | Privacy