sality | 2001864f0b752fc7b56debc9cd6694ea55dab1b029d1870c45aa520640ba1f86 | Triage

Submit
Reports

Overview

overview

Static

static

3

2001864f0b...86.exe

windows7-x64

2001864f0b...86.exe

windows10-2004-x64

Sharing

General

Target

2001864f0b752fc7b56debc9cd6694ea55dab1b029d1870c45aa520640ba1f86.exe
Size

128KB
Sample

241230-xlt56awnhs
MD5

8ca0914f53557231e967e9e5adea4770
SHA1

b613395b55895f0292b6876347d5ad038f17b034
SHA256

2001864f0b752fc7b56debc9cd6694ea55dab1b029d1870c45aa520640ba1f86
SHA512

62f5d4942c1677d6cee79b431e242e145515a13cd6eda3331ce4769ab09ec54b5999cafe26313b3cc1f0923ed9265bdf2f28175e31723fc3a17019ee54d03bdf
SSDEEP

1536:1Jf83W8W60IL26Ap8iJ9+pvI8B8FuuKk1p0AxQjKP3xNL+vljZuIkBbmFZ3Oz+Ue:1JCD548iJK+cDm0KNxkllFFxOFdE

Score

10^/10

sality backdoor discovery evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2001864f0b752fc7b56debc9cd6694ea55dab1b029d1870c45aa520640ba1f86.exe

Resource

win7-20240903-en

sality backdoor discovery evasion persistence trojan upx

windows7-x64

22 signatures

120 seconds

Behavioral task

behavioral2

Sample

2001864f0b752fc7b56debc9cd6694ea55dab1b029d1870c45aa520640ba1f86.exe

Resource

win10v2004-20241007-en

sality backdoor discovery evasion persistence trojan upx

windows10-2004-x64

21 signatures

120 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  2001864f0b752fc7b56debc9cd6694ea55dab1b029d1870c45aa520640ba1f86.exe
- Size
  
  128KB
- MD5
  
  8ca0914f53557231e967e9e5adea4770
- SHA1
  
  b613395b55895f0292b6876347d5ad038f17b034
- SHA256
  
  2001864f0b752fc7b56debc9cd6694ea55dab1b029d1870c45aa520640ba1f86
- SHA512
  
  62f5d4942c1677d6cee79b431e242e145515a13cd6eda3331ce4769ab09ec54b5999cafe26313b3cc1f0923ed9265bdf2f28175e31723fc3a17019ee54d03bdf
- SSDEEP
  
  1536:1Jf83W8W60IL26Ap8iJ9+pvI8B8FuuKk1p0AxQjKP3xNL+vljZuIkBbmFZ3Oz+Ue:1JCD548iJK+cDm0KNxkllFFxOFdE
Score

10^/10

sality backdoor discovery evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasionpersistencetrojanupx

behavioral2

salitybackdoordiscoveryevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy