sality | 94628faa8a5c7fd1da375dff7495a38d063eee0342557fb963e99a26ed900e5f | Triage

Submit
Reports

Overview

overview

Static

static

3

logs/modif...xm.exe

windows7-x64

logs/modif...xm.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_0a4a0bd4dfa4de8b5660b665cbc363ed
Size

69KB
Sample

241231-h2svpstnes
MD5

0a4a0bd4dfa4de8b5660b665cbc363ed
SHA1

386b3f57da5fd28afac2dc2b432572fd02ebc37a
SHA256

94628faa8a5c7fd1da375dff7495a38d063eee0342557fb963e99a26ed900e5f
SHA512

609c35d257ba8b118fbbaa39c3656cec27c1c3ea6640474caf3184ae62cede7fbe72c5781d82bad2c01f8b6d3f6ff7e942eb0480b4d82f6cae43b47b9977ad53
SSDEEP

1536:LDd/id3T08/8/xJGQJ0Jva0RiZItQ+JWSDg7phvfV:9a37BQJ09Z46tX1DgFhvd

Score

10^/10

sality backdoor discovery evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

logs/modified_files/C/syspuxm.exe/syspuxm.exe

Resource

win7-20240903-en

sality backdoor discovery evasion trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

logs/modified_files/C/syspuxm.exe/syspuxm.exe

Resource

win10v2004-20241007-en

sality backdoor discovery evasion trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

- Target
  
  logs/modified_files/C/syspuxm.exe/syspuxm.exe
- Size
  
  70KB
- MD5
  
  bc9fe9457030d81eb55322c89d65c3ff
- SHA1
  
  ab570c602fcd6149976f52ebc35e69324ea9512c
- SHA256
  
  b962405951204905dfd57cab9723d647ea9c5466aefcd5c5a2bac4ddf83a4318
- SHA512
  
  968b173207599b005ae6bd1e2846e2e66d3f30e5a45b583586f0530e10918f2b5828de554151328050b261084e4f8ddc7a1ab4ecb94463b42fb33bbbd679ae70
- SSDEEP
  
  1536:TEmcAe0ey668/xJGQJ0Bva0Ri1ItQ+JWSDg8phvf/:TSA2y6OQJ0VZ4mtX1Dg4hvH
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordiscoveryevasiontrojanupx

behavioral2

salitybackdoordiscoveryevasiontrojanupx

© 2018-2025

Terms | Privacy