sality | 95eb04399fca67538cec37e2b6825a401fc162e95603cc5386636cad03be52f4 | Triage

Submit
Reports

Overview

overview

Static

static

3

95eb04399f...4N.dll

windows7-x64

95eb04399f...4N.dll

windows10-2004-x64

Sharing

General

Target

95eb04399fca67538cec37e2b6825a401fc162e95603cc5386636cad03be52f4N.exe
Size

120KB
Sample

241207-g22beazmhw
MD5

0817598016531694a0b4d9312ec507d0
SHA1

14ea392eb04bcfcc167d36da93bb70f0ebe189b2
SHA256

95eb04399fca67538cec37e2b6825a401fc162e95603cc5386636cad03be52f4
SHA512

e3893ac5c4ecdc2c137387e2afe37657554aadc51d3f2d410a16db823a66313a4b58c5da83945b7a3e04e5d0dac143dbff7231b7fdfe517e34d9fbb7c96cc736
SSDEEP

1536:CV2KzKqk0dKamvi6DSRujPOkyVX2A2jj5S1u8voByGoeAXdEXh1bzVEyaWgZcY:CV2yaamKgFOAj5SYUZDNCh1HGyiiY

Score

10^/10

sality backdoor discovery evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

95eb04399fca67538cec37e2b6825a401fc162e95603cc5386636cad03be52f4N.dll

Resource

win7-20240903-en

sality backdoor discovery evasion trojan upx

windows7-x64

17 signatures

120 seconds

Behavioral task

behavioral2

Sample

95eb04399fca67538cec37e2b6825a401fc162e95603cc5386636cad03be52f4N.dll

Resource

win10v2004-20241007-en

sality backdoor discovery evasion trojan upx

windows10-2004-x64

16 signatures

120 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  95eb04399fca67538cec37e2b6825a401fc162e95603cc5386636cad03be52f4N.exe
- Size
  
  120KB
- MD5
  
  0817598016531694a0b4d9312ec507d0
- SHA1
  
  14ea392eb04bcfcc167d36da93bb70f0ebe189b2
- SHA256
  
  95eb04399fca67538cec37e2b6825a401fc162e95603cc5386636cad03be52f4
- SHA512
  
  e3893ac5c4ecdc2c137387e2afe37657554aadc51d3f2d410a16db823a66313a4b58c5da83945b7a3e04e5d0dac143dbff7231b7fdfe517e34d9fbb7c96cc736
- SSDEEP
  
  1536:CV2KzKqk0dKamvi6DSRujPOkyVX2A2jj5S1u8voByGoeAXdEXh1bzVEyaWgZcY:CV2yaamKgFOAj5SYUZDNCh1HGyiiY
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasiontrojanupx

behavioral2

salitybackdoordiscoveryevasiontrojanupx

© 2018-2025

Terms | Privacy