Extracted

• • Target

    1d18c1a10870cee228ac6d14bc487f4ef51a3067a4d6b788812eb79d6b1c057e.exe

  • Size

    432KB

  • MD5

    45a62ed1b4dabc6d7e0f4a7374afb175

  • SHA1

    3aa6db91bfd48dffa31efd7428eaac493d13d6b0

  • SHA256

    1d18c1a10870cee228ac6d14bc487f4ef51a3067a4d6b788812eb79d6b1c057e

  • SHA512

    95f685024193faa5de278fc5b5d209ff291385efca9106f95102b6889c8c5629ade8898dfb9b2ef0a5b825f013faa9c237ef1691dd7d197b8b80439b15267982

  • SSDEEP

    12288:nlDzNwTWdB4fEBcjMAKfxTDyZ6MnfZm01n8yksl:nlKTgB+EKKJTDyo0hv1nUc

  Score

  10^/10

  salitybackdoordiscoveryevasionexecutionpersistencetrojanupx

  • Disables service(s)

    evasionexecution

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Blocklisted process makes network request

  • Stops running service(s)

    evasionexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2