sality | d5869b4d3673a9550f51878d579686054470c9b798352b57ef7c1205a696c9df | Triage

Submit
Reports

Overview

overview

Static

static

3

d5869b4d36...fN.dll

windows7-x64

d5869b4d36...fN.dll

windows10-2004-x64

Sharing

General

Target

d5869b4d3673a9550f51878d579686054470c9b798352b57ef7c1205a696c9dfN.exe
Size

120KB
Sample

241217-qgr2nsznas
MD5

ab139edb1ac4d30807c2c1aa7ebd3600
SHA1

7ebbc11af25f01455f6233d4b132c0d9110aa0c1
SHA256

d5869b4d3673a9550f51878d579686054470c9b798352b57ef7c1205a696c9df
SHA512

b8dd8cdb0a363e20e6383d0bbca1e002fec53ea8be1e21b8a1382214b285926a2222d9a1c9c5f700e1e88de269e632b96ae900874bdc4581e7799c8c9ab25cbe
SSDEEP

3072:soBFxb8t20SSVt0y5EkMuKYKz0xDjWpe:NFxbM15X7KYKzaDjWpe

Score

10^/10

sality backdoor discovery evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d5869b4d3673a9550f51878d579686054470c9b798352b57ef7c1205a696c9dfN.dll

Resource

win7-20240903-en

sality backdoor discovery evasion trojan upx

windows7-x64

17 signatures

120 seconds

Behavioral task

behavioral2

Sample

d5869b4d3673a9550f51878d579686054470c9b798352b57ef7c1205a696c9dfN.dll

Resource

win10v2004-20241007-en

sality backdoor discovery evasion trojan upx

windows10-2004-x64

17 signatures

120 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  d5869b4d3673a9550f51878d579686054470c9b798352b57ef7c1205a696c9dfN.exe
- Size
  
  120KB
- MD5
  
  ab139edb1ac4d30807c2c1aa7ebd3600
- SHA1
  
  7ebbc11af25f01455f6233d4b132c0d9110aa0c1
- SHA256
  
  d5869b4d3673a9550f51878d579686054470c9b798352b57ef7c1205a696c9df
- SHA512
  
  b8dd8cdb0a363e20e6383d0bbca1e002fec53ea8be1e21b8a1382214b285926a2222d9a1c9c5f700e1e88de269e632b96ae900874bdc4581e7799c8c9ab25cbe
- SSDEEP
  
  3072:soBFxb8t20SSVt0y5EkMuKYKz0xDjWpe:NFxbM15X7KYKzaDjWpe
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasiontrojanupx

behavioral2

salitybackdoordiscoveryevasiontrojanupx

© 2018-2025

Terms | Privacy