sality | 1182d5f70a8af3dbd8f616c8440aed508a8723eeb72b6e20c93845d4ac0e7460 | Triage

Submit
Reports

Overview

overview

Static

static

3

1182d5f70a...0N.exe

windows7-x64

1182d5f70a...0N.exe

windows10-2004-x64

Sharing

General

Target

1182d5f70a8af3dbd8f616c8440aed508a8723eeb72b6e20c93845d4ac0e7460N.exe
Size

97KB
Sample

250202-jw3ndsspax
MD5

ecdff40996349847e9a44b742f2a71c0
SHA1

11fca73bb4181dcc54c1e5bfcc80eca02ab6f14e
SHA256

1182d5f70a8af3dbd8f616c8440aed508a8723eeb72b6e20c93845d4ac0e7460
SHA512

98bce1a52cceed984ebffe9adfb8a3f62f81863b24491f17f504acfcfd2a49d655f77607bc4cf24e658080b9169c42594e2c9b2fdce688616920bbd4a0d4d60e
SSDEEP

1536:RdIe3/PWr4o+AtfyEVh8x+BMRWST/J/fCB/VU8wTvgtKtk7emvTPynKcyX:H2r8hDJ/q9xwstykZTTcK

Score

10^/10

sality backdoor defense_evasion discovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1182d5f70a8af3dbd8f616c8440aed508a8723eeb72b6e20c93845d4ac0e7460N.exe

Resource

win7-20240903-en

sality backdoor defense_evasion discovery trojan upx

windows7-x64

18 signatures

120 seconds

Behavioral task

behavioral2

Sample

1182d5f70a8af3dbd8f616c8440aed508a8723eeb72b6e20c93845d4ac0e7460N.exe

Resource

win10v2004-20250129-en

sality backdoor defense_evasion discovery trojan upx

windows10-2004-x64

19 signatures

120 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  1182d5f70a8af3dbd8f616c8440aed508a8723eeb72b6e20c93845d4ac0e7460N.exe
- Size
  
  97KB
- MD5
  
  ecdff40996349847e9a44b742f2a71c0
- SHA1
  
  11fca73bb4181dcc54c1e5bfcc80eca02ab6f14e
- SHA256
  
  1182d5f70a8af3dbd8f616c8440aed508a8723eeb72b6e20c93845d4ac0e7460
- SHA512
  
  98bce1a52cceed984ebffe9adfb8a3f62f81863b24491f17f504acfcfd2a49d655f77607bc4cf24e658080b9169c42594e2c9b2fdce688616920bbd4a0d4d60e
- SSDEEP
  
  1536:RdIe3/PWr4o+AtfyEVh8x+BMRWST/J/fCB/VU8wTvgtKtk7emvTPynKcyX:H2r8hDJ/q9xwstykZTTcK
Score

10^/10

sality backdoor defense_evasion discovery trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Windows security modification
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoordefense_evasiondiscoverytrojanupx

behavioral2

salitybackdoordefense_evasiondiscoverytrojanupx

© 2018-2025

Terms | Privacy