sality | 40bc88a7e25c8551fe74a73cea6e8c35661eb31de2660bdc57ffed08db518aec | Triage

Submit
Reports

Overview

overview

Static

static

3

40bc88a7e2...ec.exe

windows7-x64

40bc88a7e2...ec.exe

windows10-2004-x64

Sharing

General

Target

40bc88a7e25c8551fe74a73cea6e8c35661eb31de2660bdc57ffed08db518aec
Size

507KB
Sample

241203-z1h3jsvjby
MD5

d977aa3e1a365ac5d4eb43be47605689
SHA1

eb20141c2ee344da400394cf6285130734e186a3
SHA256

40bc88a7e25c8551fe74a73cea6e8c35661eb31de2660bdc57ffed08db518aec
SHA512

70a5af24d975b231e77d600a1b0b9fd9b2b6ec38267418d100d781dcafde34586df2d8c63b088d0ab74360354f90ec0c50c561744a8489a7fc4b827583eb78de
SSDEEP

12288:KDUfVvl8H6666HH3o66663P6666VWH6666H6666IUjolRy6:/fVviH6666HH3o66663P6666AH6666Hq

Score

10^/10

sality backdoor discovery evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

40bc88a7e25c8551fe74a73cea6e8c35661eb31de2660bdc57ffed08db518aec.exe

Resource

win7-20240729-en

sality backdoor discovery evasion trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

40bc88a7e25c8551fe74a73cea6e8c35661eb31de2660bdc57ffed08db518aec.exe

Resource

win10v2004-20241007-en

sality backdoor discovery evasion trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  40bc88a7e25c8551fe74a73cea6e8c35661eb31de2660bdc57ffed08db518aec
- Size
  
  507KB
- MD5
  
  d977aa3e1a365ac5d4eb43be47605689
- SHA1
  
  eb20141c2ee344da400394cf6285130734e186a3
- SHA256
  
  40bc88a7e25c8551fe74a73cea6e8c35661eb31de2660bdc57ffed08db518aec
- SHA512
  
  70a5af24d975b231e77d600a1b0b9fd9b2b6ec38267418d100d781dcafde34586df2d8c63b088d0ab74360354f90ec0c50c561744a8489a7fc4b827583eb78de
- SSDEEP
  
  12288:KDUfVvl8H6666HH3o66663P6666VWH6666H6666IUjolRy6:/fVviH6666HH3o66663P6666AH6666Hq
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasiontrojanupx

behavioral2

salitybackdoordiscoveryevasiontrojanupx

© 2018-2025

Terms | Privacy