MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b6430e115eb28e10d4e38f3cf311fd9fd39b358ab0dcd6d7ff49bf9d01dab3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Sality

Vendor detections: 18

SHA256 hash: 5b6430e115eb28e10d4e38f3cf311fd9fd39b358ab0dcd6d7ff49bf9d01dab3a
SHA3-384 hash: ca33ff17ba7524f513d3cdea3da85720d4735a141e09e6a53198458389894453bcfdb1c982acf929ab4f805e73445f68
SHA1 hash: 633a5f42d571f8e226d074ceb986cd81b42171cb
MD5 hash: a92697918309d9e881ab98b354b7c4ee
humanhash: tango-pizza-cold-quebec
File name: 5b6430e115eb28e10d4e38f3cf311fd9fd39b358ab0dcd6d7ff49bf9d01dab3a.exe
Signature: Sality
File size: 241'664 bytes
First seen: 2026-03-19 18:53:52 UTC
Last seen: 2026-03-19 19:23:23 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 08ce7667a22ad20f6a28b3b7cd649253 (1 x Sality)
ssdeep: 3072:Jh09TuK9ps1SzcOCFXmPXSt/Ji7n739w69bjWKszmPsgQrSZSaYyG7zJolDJhOeg:vw9CCcHmPX2JN69WvzmTQuYzzJFeg
Threatray: 1 similar samples on MalwareBazaar
TLSH: T1C634225E47D118BDE5A36F39E48E0F9B4D4CF6AC042620A613ED24CD0B5A242BED77D8
TrID: 34.7% (.EXE) UPX compressed Win32 Executable (27066/9/6)
      34.1% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
      8.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      6.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
      5.7% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika: pebin
dhash icon: 43a8baa3c5b9ad44 (1 x Sality)
Reporter: Anonymous
Tags: exe Sality

Intelligence


File Origin
# of uploads: 2
# of downloads: 172
Origin country: US

Vendor Threat Intelligence

Malware configuration found for: PEPacker (a UPX version number and an unpacked binary)

ID: 1
File name: 5b6430e115eb28e10d4e38f3cf311fd9fd39b358ab0dcd6d7ff49bf9d01dab3a.exe
Verdict: Malicious activity
Analysis date: 2026-03-19 18:55:21 UTC
Tags: sality sainbox rat
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 92.5%
Tags: sality

Verdict: Malware
Behaviour:
  Creating synchronization primitives
  Sending a custom TCP request

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug evasive keylogger microsoft_visual_cc overlay packed sality upx virus

Verdict: Malicious
File Type: exe x32
Detections: Virus.Win32.Sality.ag Trojan.Win32.Diztakun.sb HEUR:Trojan.Win32.Generic HEUR:Trojan.Script.AutoRun.gen Trojan-Banker.Win32.ClipBanker.sb Trojan.Win32.RokRat.sb Trojan.Win32.Llac Trojan.Win32.AutoRun.gen Trojan.Win32.Agent.sb Trojan.Multi.Agent.sb HEUR:Packed.Win32.BadCrypt.gen Virus.Win32.Sality.sil

Threat name: Win32.Virus.Sality
Status: Malicious
First seen: 2026-03-19 18:53:30 UTC
File Type: PE (Exe)
Extracted files: 13
AV detection: 23 of 24 (95.83%)
Threat level: 5/5

Score: 10/10
Tags: family:sality backdoor defense_evasion discovery trojan upx
Behaviour:
  System policy modification
  System Location Discovery: System Language Discovery
  Drops file in Windows directory
  UPX packed file
  Checks whether UAC is enabled
  Windows security modification
  Disables RegEdit via registry modification
  Disables Task Manager via registry modification
  Modifies firewall policy service
  Sality
  Sality family
  UAC bypass
  Windows security bypass
Malware Config
C2 Extraction:
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: VECT_Ransomware
Author: Mustafa Bakhit
Description: Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments