sality | 2182808ba6f58e1971a40e23094600d0cc28cc9f066cff3e91f6bd8711d77d69 | Triage

Submit
Reports

Overview

overview

Static

static

3

2182808ba6...9N.exe

windows7-x64

2182808ba6...9N.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

2182808ba6f58e1971a40e23094600d0cc28cc9f066cff3e91f6bd8711d77d69N
Size

2.2MB
Sample

240921-ph4les1hkd
MD5

a266cf283e990325197642df9f8aeee0
SHA1

fddc6173eb63b9aa44b3ce67bd745e53acc524bb
SHA256

2182808ba6f58e1971a40e23094600d0cc28cc9f066cff3e91f6bd8711d77d69
SHA512

cc2ae1c20a29ac8998c21219d4c44b9bcca2223f756650a3723f562df0953d4a41acea7dee7e5a57b9b22410c11dff1d30e9ef35085b38c9788421f23bc90531
SSDEEP

49152:Im7CmJzBlMqn/V1Fcjl9WpgAt9WczyMGIwGek5kkp7YLnXx2XOopj2vJsXSrh/:FzDMq/GIek5DOopSvJsCrh/

Score

10^/10

sality backdoor discovery evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2182808ba6f58e1971a40e23094600d0cc28cc9f066cff3e91f6bd8711d77d69N.exe

Resource

win7-20240903-en

sality backdoor discovery upx

windows7-x64

4 signatures

120 seconds

Behavioral task

behavioral2

Sample

2182808ba6f58e1971a40e23094600d0cc28cc9f066cff3e91f6bd8711d77d69N.exe

Resource

win10v2004-20240802-en

sality backdoor discovery evasion trojan upx

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  2182808ba6f58e1971a40e23094600d0cc28cc9f066cff3e91f6bd8711d77d69N
- Size
  
  2.2MB
- MD5
  
  a266cf283e990325197642df9f8aeee0
- SHA1
  
  fddc6173eb63b9aa44b3ce67bd745e53acc524bb
- SHA256
  
  2182808ba6f58e1971a40e23094600d0cc28cc9f066cff3e91f6bd8711d77d69
- SHA512
  
  cc2ae1c20a29ac8998c21219d4c44b9bcca2223f756650a3723f562df0953d4a41acea7dee7e5a57b9b22410c11dff1d30e9ef35085b38c9788421f23bc90531
- SSDEEP
  
  49152:Im7CmJzBlMqn/V1Fcjl9WpgAt9WczyMGIwGek5kkp7YLnXx2XOopj2vJsXSrh/:FzDMq/GIek5DOopSvJsCrh/
Score

10^/10

sality backdoor discovery upx evasion trojan
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryupx

behavioral2

salitybackdoordiscoveryevasiontrojanupx

© 2018-2025

Terms | Privacy