sality | 84568c4803da37677d24a8e3093d9f53f38ca7f051041aa7b939c3778e09e374 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

84568c4803...74.exe

windows7-x64

84568c4803...74.exe

windows10-2004-x64

Sharing

General

Target

84568c4803da37677d24a8e3093d9f53f38ca7f051041aa7b939c3778e09e374
Size

97KB
Sample

241012-3186hsydqb
MD5

9d5b93494af485955e693fc17fbde767
SHA1

0efcf7e1d25adddc06201d4ba517edbce56012dd
SHA256

84568c4803da37677d24a8e3093d9f53f38ca7f051041aa7b939c3778e09e374
SHA512

b851dc81c5c920c5797812968efd10fe1a9089f5e956ec11efc8466d997d2f18f53753a83d574eca0cc1c90b7ffe4fdaa22571f1ca1c80e8c9fd353748600b9c
SSDEEP

3072:8jsOsZ5hQ9co/7ijX1tS7EjJqKanai2db2:8W5h6ziX3S7EjJVli2db

Score

10^/10

sality backdoor discovery evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

84568c4803da37677d24a8e3093d9f53f38ca7f051041aa7b939c3778e09e374.exe

Resource

win7-20240903-en

sality backdoor discovery evasion trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

84568c4803da37677d24a8e3093d9f53f38ca7f051041aa7b939c3778e09e374.exe

Resource

win10v2004-20241007-en

sality backdoor discovery evasion trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  84568c4803da37677d24a8e3093d9f53f38ca7f051041aa7b939c3778e09e374
- Size
  
  97KB
- MD5
  
  9d5b93494af485955e693fc17fbde767
- SHA1
  
  0efcf7e1d25adddc06201d4ba517edbce56012dd
- SHA256
  
  84568c4803da37677d24a8e3093d9f53f38ca7f051041aa7b939c3778e09e374
- SHA512
  
  b851dc81c5c920c5797812968efd10fe1a9089f5e956ec11efc8466d997d2f18f53753a83d574eca0cc1c90b7ffe4fdaa22571f1ca1c80e8c9fd353748600b9c
- SSDEEP
  
  3072:8jsOsZ5hQ9co/7ijX1tS7EjJqKanai2db2:8W5h6ziX3S7EjJVli2db
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasiontrojanupx

behavioral2

salitybackdoordiscoveryevasiontrojanupx

© 2018-2025

Terms | Privacy