sality

Sharing

Copy URL

Twitter E-mail

General

Target

0e4f30706f56284a6026dddceb4e9b40_NeikiAnalytics.exe
Size

136KB
Sample

240526-swhgwsca33
MD5

0e4f30706f56284a6026dddceb4e9b40
SHA1

8c19b7f17cb9aba810f78c3a98e450f61fff02be
SHA256

0aebe2244185ece9e7fbad258126c41609e24743e3921aeab6d69b09358e987d
SHA512

44a5902754c8fd0dca8180843b9a377504b65f4d7087c7b2296074619aacfd717cdc7d670003b67f0d3bee3410403787370bd1ccfa24b893d08f978c795955a9
SSDEEP

3072:rQI5RTXJPxWJ+CPhlyoUxF1VqxgyRd1JgpSbqbbH2GJ2:rVBxWZTRO3I5vgpSbqbb4

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  0e4f30706f56284a6026dddceb4e9b40_NeikiAnalytics.exe
- Size
  
  136KB
- MD5
  
  0e4f30706f56284a6026dddceb4e9b40
- SHA1
  
  8c19b7f17cb9aba810f78c3a98e450f61fff02be
- SHA256
  
  0aebe2244185ece9e7fbad258126c41609e24743e3921aeab6d69b09358e987d
- SHA512
  
  44a5902754c8fd0dca8180843b9a377504b65f4d7087c7b2296074619aacfd717cdc7d670003b67f0d3bee3410403787370bd1ccfa24b893d08f978c795955a9
- SSDEEP
  
  3072:rQI5RTXJPxWJ+CPhlyoUxF1VqxgyRd1JgpSbqbbH2GJ2:rVBxWZTRO3I5vgpSbqbb4
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  3KB
- MD5
  
  8614c450637267afacad1645e23ba24a
- SHA1
  
  e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2
- SHA256
  
  0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
- SHA512
  
  af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/newadvsplash.dll
- Size
  
  8KB
- MD5
  
  9bc6c411efa742a5de7d8372afafa2fa
- SHA1
  
  2b57865e87c7ca2db97d0296d8cbe0183df2c2cf
- SHA256
  
  0cac914c87d4e73875dea8544391e383f441d624ea5ec9a4864d056db161206c
- SHA512
  
  092ef3f13a71a46df0f78a3b5eb4492bee32f1a12be27e0c534638ec7723b2a9aac23391768c352289df6a8988cbc6cf96ea22d8f1983b5ccf609e08d1db4bde
- SSDEEP
  
  192:7p/MyET9lrRyFJb9kSw/T6rz91YrLV1hiI:7p/MyET90k7/T6rB1Yk
Score

1^/10
behavioral7 behavioral8