sality

Sharing

Copy URL

Twitter E-mail

General

Target

15f1c3efa703ad0960dcaa393f5fa288_JaffaCakes118
Size

220KB
Sample

240627-pae8vssgrr
MD5

15f1c3efa703ad0960dcaa393f5fa288
SHA1

7d94826c8ea7d84c8b2e9bf07ca8f01bdd25ebcc
SHA256

3c0321082e2c4e2fae6e469c2c1d6af4e79fb909338da35018fef08cc32bbd0b
SHA512

5cf4ca1fd4ae465febefb3e3ec5aa192a6e95c83b13b236bf5d46523662c8ab726ab5d927b9b075aeb35b1bdad71c7ee9dba9d81722237e889b21b6dfd6a956f
SSDEEP

6144:q3w0RJTTFaqGBDAhLVYee60qztPmiMIAnBOhA8:q3w2uDYLVYeUsDMZMhA8

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  15f1c3efa703ad0960dcaa393f5fa288_JaffaCakes118
- Size
  
  220KB
- MD5
  
  15f1c3efa703ad0960dcaa393f5fa288
- SHA1
  
  7d94826c8ea7d84c8b2e9bf07ca8f01bdd25ebcc
- SHA256
  
  3c0321082e2c4e2fae6e469c2c1d6af4e79fb909338da35018fef08cc32bbd0b
- SHA512
  
  5cf4ca1fd4ae465febefb3e3ec5aa192a6e95c83b13b236bf5d46523662c8ab726ab5d927b9b075aeb35b1bdad71c7ee9dba9d81722237e889b21b6dfd6a956f
- SSDEEP
  
  6144:q3w0RJTTFaqGBDAhLVYee60qztPmiMIAnBOhA8:q3w2uDYLVYeUsDMZMhA8
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSISArray.dll
- Size
  
  20KB
- MD5
  
  5ae0c62802120e2fa971959795581daf
- SHA1
  
  e0c2d66ba75b41f8e22ff31c90986e572735429f
- SHA256
  
  a8c486730810c55c337c7d6863243fad25c212b4d11ceeceb420c4b2c131a605
- SHA512
  
  e09b14c1eef4c3962f18307df4abf4fbb62710dbf3cde80346069861b4db63e72b0441e0136921290725632f6c21b3916920e928f4df63b3f5c0e78b8e750101
- SSDEEP
  
  384:Z9fln0eNNe1AT+i1RSHKrsc+fDA9rFC7amgKFR1qjMzyJ:zCyg1AT+KRSHKrHrkJg81qd
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  301a9c8739ed3ed955a1bdc472d26f32
- SHA1
  
  a830ab9ae6e8d046b7ab2611bea7a0a681f29a43
- SHA256
  
  6ec9fde89f067b1807325b05089c3ae4822ce7640d78e6f32dbe52f582de1d92
- SHA512
  
  41d88489ecb5ec64191493a1ed2ed7095678955d9fa72cccea2ae76dd794e62e7b5bd3aa2c313fb4bdf41c2f89f29e4cafe43d564ecad80fce1bf0a240b1e094
- SSDEEP
  
  192:hCPej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yAG:hCQ2HgN4GbeWmbI4Eybogia7yA
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  b0165587c54350b6c9910e765f16ad9e
- SHA1
  
  fd81de9f3b1dd8d6cfa8621fddf9f93c29b4710f
- SHA256
  
  26006c739057373f948b11892f40b0cc686c6c97c448f79447856421f9a15563
- SHA512
  
  2f69354fd433eec277a804124f5c476fd645270b89af3db22ed45b599cdf251cfccdc3c642b8893078748a0a674676ea28c5fe5b471a633de7301c6a6646295b
- SSDEEP
  
  192:bzQhZDqlJcKISw99ioU3MSfwLF/+nhHUOFsdz:bzoZDGKYw9goWyFGBUVz
Score

3^/10
behavioral7 behavioral8
- Target
  
  $TEMP/Xmp/XmpSetup_4.7.9.779/XmpSetupHelper.dll
- Size
  
  129KB
- MD5
  
  7a940eff3bf618db55a422be9998c88f
- SHA1
  
  aea568f8c45a5c22dd875dbee1c5af766ff5cd4c
- SHA256
  
  f07dcafb71a41835f2c547f9cec6b569ebbb505f64c183bde43d7ebab01c7556
- SHA512
  
  8438721c26d1ba8ab51b325cb0fc4b63ca3674331272a29d02287a0657c8853edd8af2cf7de1687b92cd7392a4992bbfe811ab5e97badc18ee932d1cc1e702dd
- SSDEEP
  
  3072:WhI7B2tXtU7ZzixJZxFrG7IljuQujfRjHzKZq2:W62Rmdz2nxFrq6u9R7z0p
Score

1^/10
behavioral10 behavioral9