sality | f78b9d9ff45cf181605153ba6e4da30a4f68a567948c734f3905bb4ca2f9bf92 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...8c.exe

windows7-x64

3

JaffaCakes...8c.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_9fddb8bc333a44584ae07fed838c4e8c
Size

119KB
Sample

250205-qbzjkaxlfy
MD5

9fddb8bc333a44584ae07fed838c4e8c
SHA1

73e685e7b967d929dfe4fb6800d7ee7ca27227d3
SHA256

f78b9d9ff45cf181605153ba6e4da30a4f68a567948c734f3905bb4ca2f9bf92
SHA512

505e3e3db13d0116b5472f9d390aa4c826fd06016f2d2b11ed5d28386ececffb1e878a71dc7234d236b3557f48eab52c30ec41c5347679db7666578df36bbed7
SSDEEP

3072:1jhlbyDImJFAI0jSurj+vEh8BIs7QbXXHHW:1t99Fj+vEhFrXHHW

Score

10^/10

sality backdoor defense_evasion discovery trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_9fddb8bc333a44584ae07fed838c4e8c.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_9fddb8bc333a44584ae07fed838c4e8c.exe

Resource

win10v2004-20250129-en

sality backdoor defense_evasion discovery trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  JaffaCakes118_9fddb8bc333a44584ae07fed838c4e8c
- Size
  
  119KB
- MD5
  
  9fddb8bc333a44584ae07fed838c4e8c
- SHA1
  
  73e685e7b967d929dfe4fb6800d7ee7ca27227d3
- SHA256
  
  f78b9d9ff45cf181605153ba6e4da30a4f68a567948c734f3905bb4ca2f9bf92
- SHA512
  
  505e3e3db13d0116b5472f9d390aa4c826fd06016f2d2b11ed5d28386ececffb1e878a71dc7234d236b3557f48eab52c30ec41c5347679db7666578df36bbed7
- SSDEEP
  
  3072:1jhlbyDImJFAI0jSurj+vEh8BIs7QbXXHHW:1t99Fj+vEhFrXHHW
Score

10^/10

discovery sality backdoor defense_evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Deletes itself
- Executes dropped EXE
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

salitybackdoordefense_evasiondiscoverytrojanupx

© 2018-2025

Terms | Privacy