sality | d5395f121277d2b38f4173c7df0a20a3de99edfcfe2aa697080cc81170eb76ab | Triage

Resubmissions

12/03/2025, 21:28

250312-1bn3yatwgv 10

12/03/2025, 21:24

250312-z9fzjsvpx2 10

12/03/2025, 21:22

250312-z8by7stvf1 6

12/03/2025, 21:20

250312-z63n5stvb1 7

11/03/2025, 00:00

250311-aaawtasr13 5

10/03/2025, 21:57

250310-1t6eyazlx6 10

09/03/2025, 01:58

250309-cdv29swybs 10

08/03/2025, 06:55

250308-hp35xatjt9 10

08/03/2025, 04:53

250308-fh1ebssky5 10

Sharing

General

Target

My-Skidded-malwares-main.zip
Size

106.4MB
Sample

250312-1bn3yatwgv
MD5

d01f58a973cfceca5abbb124f8e580ff
SHA1

b60fd4d18c92322819300af17bc44e798d0ddef4
SHA256

d5395f121277d2b38f4173c7df0a20a3de99edfcfe2aa697080cc81170eb76ab
SHA512

81d6c94f56d53cd7fa29f5c1d9f8077a176b07b9a2c859b8525f6451660fb906dd960b71358ff870019990f541e816489c131a96b1fb2b7c66178a04ed35904d
SSDEEP

3145728:Sg2PlA+mrMHCwbc/bAjXC0P5JCe94RWQRVBCXD7:SJlmxTAj7PtGR9RVBE3

Score

10^/10

sality backdoor bootkit defense_evasion discovery persistence trojan upx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  My-Skidded-malwares-main.zip
- Size
  
  106.4MB
- MD5
  
  d01f58a973cfceca5abbb124f8e580ff
- SHA1
  
  b60fd4d18c92322819300af17bc44e798d0ddef4
- SHA256
  
  d5395f121277d2b38f4173c7df0a20a3de99edfcfe2aa697080cc81170eb76ab
- SHA512
  
  81d6c94f56d53cd7fa29f5c1d9f8077a176b07b9a2c859b8525f6451660fb906dd960b71358ff870019990f541e816489c131a96b1fb2b7c66178a04ed35904d
- SSDEEP
  
  3145728:Sg2PlA+mrMHCwbc/bAjXC0P5JCe94RWQRVBCXD7:SJlmxTAj7PtGR9RVBE3
Score

10^/10

sality backdoor bootkit defense_evasion discovery persistence trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Executes dropped EXE
- Windows security modification
  defense_evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Pre-OS Boot

Bootkit

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

salitybackdoorbootkitdefense_evasiondiscoverypersistencetrojanupx