sality | 1d957688dca04412ab5410cc932d128fe6d743da88c3cab1140694497853f21c | Triage

Submit
Reports

Overview

overview

Static

static

3

1d957688dc...1c.exe

windows7-x64

1d957688dc...1c.exe

windows10-2004-x64

Sharing

General

Target

1d957688dca04412ab5410cc932d128fe6d743da88c3cab1140694497853f21c
Size

806KB
Sample

241230-thveza1rbx
MD5

dc746b15196ea9c137a4040b7d992e7c
SHA1

3e7e0c76dde8e35eda9851a42ea34028aedb3d8f
SHA256

1d957688dca04412ab5410cc932d128fe6d743da88c3cab1140694497853f21c
SHA512

37def2b04e07549a64d57e1e36ef3f3863473668a7f5a56bb75fb0b8c40a9bb0488286420f9dc14d37c7e93254cd8c70d08512be7e0e1aa245d2d0230e3575c7
SSDEEP

24576:mIXgCWSpRyTdSJVDsVu5unzqWvX1E+NiE:JWSjCSJlsQuzqW/1ECiE

Score

10^/10

sality backdoor discovery evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1d957688dca04412ab5410cc932d128fe6d743da88c3cab1140694497853f21c.exe

Resource

win7-20240729-en

sality backdoor discovery evasion trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

1d957688dca04412ab5410cc932d128fe6d743da88c3cab1140694497853f21c.exe

Resource

win10v2004-20241007-en

sality backdoor discovery evasion trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  1d957688dca04412ab5410cc932d128fe6d743da88c3cab1140694497853f21c
- Size
  
  806KB
- MD5
  
  dc746b15196ea9c137a4040b7d992e7c
- SHA1
  
  3e7e0c76dde8e35eda9851a42ea34028aedb3d8f
- SHA256
  
  1d957688dca04412ab5410cc932d128fe6d743da88c3cab1140694497853f21c
- SHA512
  
  37def2b04e07549a64d57e1e36ef3f3863473668a7f5a56bb75fb0b8c40a9bb0488286420f9dc14d37c7e93254cd8c70d08512be7e0e1aa245d2d0230e3575c7
- SSDEEP
  
  24576:mIXgCWSpRyTdSJVDsVu5unzqWvX1E+NiE:JWSjCSJlsQuzqW/1ECiE
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasiontrojanupx

behavioral2

salitybackdoordiscoveryevasiontrojanupx

© 2018-2025

Terms | Privacy