sality

General

Target

5c8de46ab5674f061b88a1462d790bc0_JaffaCakes118
Size

6.4MB
Sample

240520-b6zqgsdh87
MD5

5c8de46ab5674f061b88a1462d790bc0
SHA1

0556a9dbe67f0f1dfd2c8237ca61459037ef5f14
SHA256

e2f1be4902846deefee7eb4f0ab5c680dfb3d67ccb1e27bdeb0ff54c3fa93c81
SHA512

ca09d4945c4d89dd4b2899b9b28881ac7de19758bc136ccd3f10a101476a767929d7cae9290be12186c76929fdc468e38d1fead366948ec056a646bdf50fecb7
SSDEEP

196608:5eb+B5lI87vf86VJLlcxK88qXSkcQhGepiVN:5N5/0888qXFcoAN

Score

10^/10

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  ELTIMASerialSplitter/ssplitinst.exe
- Size
  
  6.4MB
- MD5
  
  21f124a12e8ea4e537ac519792be7eb0
- SHA1
  
  6522ddb1872be1e63eb1b97a65a4d556720c0922
- SHA256
  
  7c8aae4560527acaecdc848949f639c9ce086e335659839e84d48abb9bb6dac6
- SHA512
  
  857e3a0a12b2dab0900a2a48b5ab53b76c4c8237f682f6837cd71a9991e0a4261812bc76f69d21b655cc0a311eacdd2a2466aec57f21ec4a5a92c52feda0636f
- SSDEEP
  
  98304:AqYz9oGhVYAGKmL2LxJl8soC0OAax9M6oZFVIL5qIL/lL2Z4+AVW1DXEDQfB:AqYzthVcgfasoC0ix/oZFs/NQ4pMlXzB
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  ELTIMASerialSplitter/下载说明.htm
- Size
  
  3KB
- MD5
  
  9bd1ac9ead8eda95e8284f12ddba89e2
- SHA1
  
  44ad2b426711da0bc122d500b9117808385bd406
- SHA256
  
  54198ae94a082537ca82686954de11084ebb050917b65871fe1639c2c1a308b8
- SHA512
  
  e94611639a7396705f684055fa762db261bbaffb2d7b459b1fddbd44d25358b3bb3111ae84a8bc444388f26908193fbfa79c232570f52a38f1c49fb57b322850
Score

1^/10
behavioral3 behavioral4
- Target
  
  ELTIMASerialSplitter/使用帮助(河东软件园).url
- Size
  
  216B
- MD5
  
  6a29fdd9a578559f631bd0c0919539f2
- SHA1
  
  7ba1e243d907b6893f798dbd6169ee057e4845e9
- SHA256
  
  6592450b9c9233d6d1a751020b3514bd20512d1224983c774e633ab2dee7b2c9
- SHA512
  
  6eee5fe42d1105523e0555ba90f6a98237293983238a80342a62bb7dc1cb1a5b00081a447ae3a0d36f67ace197f288315f816f6da9ea27457753efb625793cc1
Score

1^/10
behavioral5 behavioral6