sality

General

Target

3d1446adb29d01449f7f8243cac9049ffc16445f468d8d961a518ddfbec0ac00
Size

163KB
Sample

221126-spc9ladb85
MD5

801cf2115ab5214f3db9efd1cd27dc2b
SHA1

fed4e506399c94b0903d25da7487d19493ed76af
SHA256

3d1446adb29d01449f7f8243cac9049ffc16445f468d8d961a518ddfbec0ac00
SHA512

5e00ba4db01cf8e4edc7f16ffe3848292e47b007afa99ca999430dc08be0d710d43cfa35402f827f836b4465904eeeb69d49748d6006d71ea0fe856365585e8d
SSDEEP

3072:3sVwY/E4Y3FG7ifM5Ky7bbqo25SLdv7aSc05EERbh2V97gykf/JrqCxavFKLcto9:3s2ETAWG1yvbI5SF77Xm9PcRrqrvFKLZ

Score

10^/10

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  rootkit.exe
- Size
  
  304KB
- MD5
  
  370e4bc02d5119313b3cc3ecd983f43c
- SHA1
  
  d7614d4458a36c6b89c1caa0e3c8cc4e54512d0e
- SHA256
  
  bcff8e5ffe026d658191114f7af305b5fb4af2101ad4367ba37fc24fc49390f9
- SHA512
  
  4c12a3c71d715899a3dea6beff214ae91821bcbea6a90050397ebfa51075d4782af546adda4bbc3fef05777ca3da6f3bd3795329096d6f295f25607470819ed5
- SSDEEP
  
  3072:x/biY21gVP7HN6ijDtOpKUrIVWFnHA9vSeoyMyjoE4TDDpJt5nXs7tauXOnMVgnh:x/ag1jDtOFNIZMNE4TfPCtauX/gnd3
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2
- Target
  
  shell asp.txt
- Size
  
  55KB
- MD5
  
  53bb18901791ddaa74163a0af5c2a808
- SHA1
  
  c9c77eff21533ee3ae0af5baa423eb54da7618cf
- SHA256
  
  28f92ffb8e707be4d83707c746eaf292b6bf5e22e5de80974582c66e1aaa3024
- SHA512
  
  3ae3bcc46eb8759c286eff4441efa6e499304344f96bbb96243e2e22841a0c136e461457673b7f1670435c1b960fb866718e129c7bfa13c7346f32829f128480
- SSDEEP
  
  768:iEyIPEZ4+no6KoCkVcSmFDCvYNz+iKR9PPR/Fospf5J05zq4X2jC2qM:1ZPEZ4+nRNmwYNzCRz35J05zq4Xi
Score

1^/10
behavioral3 behavioral4