sality

Sharing

Copy URL

Twitter E-mail

General

Target

e1b2e96bb57c7afc2c5a7d4bf84a58d360e7363eaa71427d6360829130b1d7c6
Size

332KB
Sample

240611-evdknavbpp
MD5

2569981f3c1ed36a7b1ed6f215e739a2
SHA1

de12426615e9d6d26ac67babcaca82351fdd7a54
SHA256

e1b2e96bb57c7afc2c5a7d4bf84a58d360e7363eaa71427d6360829130b1d7c6
SHA512

93b26b7a164ca9b0e22ac192eda7266b9904f5ba762b96f6128185b496808a728b5ce11584a5dca2e87df56b3401afdab4f2264ffd0db704a32f0c2b84930dc0
SSDEEP

6144:mN/IaoYuk96kADp70jutbFs6XDVsK+/OVtK4cj9K1+2BoUz6jJQPI:aLWYjutacDVsAVMJKcmoUzaaPI

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  e1b2e96bb57c7afc2c5a7d4bf84a58d360e7363eaa71427d6360829130b1d7c6
- Size
  
  332KB
- MD5
  
  2569981f3c1ed36a7b1ed6f215e739a2
- SHA1
  
  de12426615e9d6d26ac67babcaca82351fdd7a54
- SHA256
  
  e1b2e96bb57c7afc2c5a7d4bf84a58d360e7363eaa71427d6360829130b1d7c6
- SHA512
  
  93b26b7a164ca9b0e22ac192eda7266b9904f5ba762b96f6128185b496808a728b5ce11584a5dca2e87df56b3401afdab4f2264ffd0db704a32f0c2b84930dc0
- SSDEEP
  
  6144:mN/IaoYuk96kADp70jutbFs6XDVsK+/OVtK4cj9K1+2BoUz6jJQPI:aLWYjutacDVsAVMJKcmoUzaaPI
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  7KB
- MD5
  
  ccb909b48488ac50078b994947cf855c
- SHA1
  
  08ef6ff2b4df6de0bdc443611815a8db619b6c70
- SHA256
  
  32487e83679c88f63f35a9989e58ef3a3084bd70b6ebe76cda459c92ebf2c066
- SHA512
  
  ebe5dece02bd459d8d28457fe082bc759c21c0bb641ed31a848e2b521bfd9d2544585b0acbb1dfd08a5a9b91a91bba5aa5339c0f736fd153f852af17144caac8
- SSDEEP
  
  96:X80Gzrjk9CYIh6SnCQ5ygkSoZrtjlPVng1/GsoJoiB:DGbeINnC4oZrjPdIOjqi
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  24KB
- MD5
  
  6c09648818cf6820a769e8f03c28645d
- SHA1
  
  30bf9117443955d50e396a799792746107a282c3
- SHA256
  
  4263984428f49792f359b91d5eee19b6d248340204051dd14af9a73710967dc7
- SHA512
  
  f10443c9fa469b778aeb0911f656ebeaadfa4519ba40397775b633da75309f09759745390c27df0be0650988f90716791b6043bb269db3890f9a9171d5666319
- SSDEEP
  
  384:Sju1mQpK8SvOWZqoNvRjEJMmG+cGR1J5VPY8cCxfMwdxy:4OWIoN6JMmGUjJLa6xy
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  36KB
- MD5
  
  e6ab90ea8f9454d4a8aed70eb924bb4a
- SHA1
  
  22d7c541e93e3d5520756047e3af0324af7640e5
- SHA256
  
  07ad34100502d7aebd8c19cf6fabda31814312984ae25d26b081ddebf3926077
- SHA512
  
  23953f4163afe3a2ebadbba03e7bec5bab10c8c112ab093e3893ec11d6d4232a526014f02db995b60f63b7cc8e49f2883a6e2112092176ccfa28a45f2397527a
- SSDEEP
  
  768:4mlFrRNxK9CxHpR2fYw4G3ridSzSH7YHJ2I5:4kFrFJpR2AhGcYB5
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  11KB
- MD5
  
  a31858fa5846da4b9bb05f81d3742fd6
- SHA1
  
  920daf33916419bb0979bcc203dd1f44766d0e3c
- SHA256
  
  5046e22eb8110ad0f04b4c81b30a52d6ca126473ef7ad8ba00a72efbc4f84f7f
- SHA512
  
  89a5572b307086f79028af18e81076bc5fc3ac89849dd658e23267edd96b45df7b402de4a64ff093a717a7590296c8fdb015ef773644d4e25d84cf164bb35787
- SSDEEP
  
  192:wM+KOWSMxF+9DnV3Kkzjv95drbQMH2klPdIobkbdTFdHGZ:4KUMxopnZzr9PrUMHVlPFkbdjHGZ
Score

3^/10
behavioral10 behavioral9