sality | b9066407f9e49b67fdeed77ae2ba1eb17f12d780f423140e77a0eb83338ffc10 | Triage

Submit
Reports

Overview

overview

Static

static

3

ea94ca68ea...18.exe

windows7-x64

ea94ca68ea...18.exe

windows10-2004-x64

Sharing

General

Target

ea94ca68ea64c183579a3e6fc669b229_JaffaCakes118
Size

102KB
Sample

240919-e2lvls1dqm
MD5

ea94ca68ea64c183579a3e6fc669b229
SHA1

5b8e6c9df4fab29da097ee88524ba65fbfa5a445
SHA256

b9066407f9e49b67fdeed77ae2ba1eb17f12d780f423140e77a0eb83338ffc10
SHA512

21de91437b466602807e9869e9ae9a06d4007ef6bbbf7ab4c5091fe35663e76f1fd8f669f035b21b1c0ced97637bf8b0060867d8d2383a6bc0bcdc4f86bcd385
SSDEEP

3072:RP3QN5mbpOqQiUwKzZU/GGQPRNGYHSYFw:JNOqe/zG/2RNTw

Score

10^/10

sality backdoor discovery evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ea94ca68ea64c183579a3e6fc669b229_JaffaCakes118.exe

Resource

win7-20240903-en

sality backdoor discovery evasion trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

ea94ca68ea64c183579a3e6fc669b229_JaffaCakes118.exe

Resource

win10v2004-20240910-en

sality backdoor discovery evasion trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  ea94ca68ea64c183579a3e6fc669b229_JaffaCakes118
- Size
  
  102KB
- MD5
  
  ea94ca68ea64c183579a3e6fc669b229
- SHA1
  
  5b8e6c9df4fab29da097ee88524ba65fbfa5a445
- SHA256
  
  b9066407f9e49b67fdeed77ae2ba1eb17f12d780f423140e77a0eb83338ffc10
- SHA512
  
  21de91437b466602807e9869e9ae9a06d4007ef6bbbf7ab4c5091fe35663e76f1fd8f669f035b21b1c0ced97637bf8b0060867d8d2383a6bc0bcdc4f86bcd385
- SSDEEP
  
  3072:RP3QN5mbpOqQiUwKzZU/GGQPRNGYHSYFw:JNOqe/zG/2RNTw
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasiontrojanupx

behavioral2

salitybackdoordiscoveryevasiontrojanupx

© 2018-2025

Terms | Privacy