sality

General

Target

11b1dd5697654fb7dc2d983d1a4c08fb_JaffaCakes118
Size

3.3MB
Sample

240504-jdlxxsac54
MD5

11b1dd5697654fb7dc2d983d1a4c08fb
SHA1

1dc3168aadac5b264c7ea3d19c7e88b97920e408
SHA256

4c10f8eecb31a238a20178cdc2b64af409c1a7b309f4afe6dce784118619f469
SHA512

966335ae01b3985474856fb1b057d0565feae682359d5b2a85f11eb2d815535509448091a4212932296ac17416a6f2dac6ea141b9a03fa58f29998a3a7cf4af5
SSDEEP

98304:YY8AK12/wb+84NoGyYfwQ8H2QHU02zwRdDJXQkZ1fj7AUrz:Y4EC84aGhfwQ8H2Q920ZV7Aa

Score

10^/10

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  数码资源网.url
- Size
  
  244B
- MD5
  
  305983ae6219bf10d517e168b3ebe5ea
- SHA1
  
  b30177e0d7aa2c46843fa9c728c8a9319f34c6a1
- SHA256
  
  a4a66ca6e527f6b5a344ec48235b21666f44d19f710ea5d75332e6a4263d027f
- SHA512
  
  def75af02cb32b05d19cea6ac978941f93b659fc23a3d8ea29f60874c6875a08274403c125452bd14fc2e878e193eecca70b83f19c22881e3f9a8ab4f6afcb28
Score

1^/10
behavioral1 behavioral2
- Target
  
  辅助程序/功能程序/csrss.exe
- Size
  
  3.7MB
- MD5
  
  3df27a48a0a4d57b083a19d6e091355b
- SHA1
  
  622bb18e094da566242ed68954d078b9f895559c
- SHA256
  
  984540a91535e589856761e81215cf5635f5a236cc21bc73ea275924ee829231
- SHA512
  
  4aa5270dde9054e058b99f6bed35c6e2aeaaf4c0610bd79985739c7173175399d10c9957892dc4b7225643eedf2e27a3a2a6db51ba4fcd11a1b3d264630c147b
- SSDEEP
  
  98304:2VGeA6qMsw6x2TCjlsaNn5g8e3FEcRU/yGL:2kMr6xCc/N+8e3F/C/yQ
Score

1^/10
behavioral3 behavioral4
- Target
  
  辅助程序/过游戏保护/csrss.exe
- Size
  
  1.2MB
- MD5
  
  94dcf3d9a7cf1b9fa079d0e6f4f2ba5a
- SHA1
  
  72f801de257841558356aae3710ec1e0c606fc8b
- SHA256
  
  b23e7005b48679fa121cb99ccec15aa5e259c1b91c08a99490ccdb961e330b44
- SHA512
  
  3bbd4086b97866b9f79d31b1f416bf188bb51bef88f87cb252fc91099ff51703c6eb65f1e40ff866157e306dc52274bba10bf703e1dde320a03705802b13a31c
- SSDEEP
  
  12288:bcNMq4xG3b0RK5bzMjidw7JU6eUOMwFdVfZobi2a89ujY68aapv:bcD4s3wRQYj6gJU6pOMwFHmi9bOaov
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral5 behavioral6