sality

Sharing

Copy URL

Twitter E-mail

General

Target

c538cbce71ce7a61c30ee9f3f3776e49_JaffaCakes118
Size

189KB
Sample

241205-bq72xswrfl
MD5

c538cbce71ce7a61c30ee9f3f3776e49
SHA1

f25910090d498e06002d89f8b3f3b4c1fae788d3
SHA256

c17db638a109c9d7676637cb11118b6262b2ffe810cd230cbb9ba696b83cf0d6
SHA512

8861127c549912319dc407fd052f757d6e95e76e80c65f96283f6ecbc9eeff13d6cb0aec7b29960441f740876a90acb2684287cbb4d420e70ea85d016f0c3c26
SSDEEP

3072:+J94lHFrIX3WCISceAoW+SX2DtulR7ijBA5NwIvPCEh3Gr93ZZ7xhY+h9HumW:AUDomoWfmkk9SNw0P3hYLpbBW

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  c538cbce71ce7a61c30ee9f3f3776e49_JaffaCakes118
- Size
  
  189KB
- MD5
  
  c538cbce71ce7a61c30ee9f3f3776e49
- SHA1
  
  f25910090d498e06002d89f8b3f3b4c1fae788d3
- SHA256
  
  c17db638a109c9d7676637cb11118b6262b2ffe810cd230cbb9ba696b83cf0d6
- SHA512
  
  8861127c549912319dc407fd052f757d6e95e76e80c65f96283f6ecbc9eeff13d6cb0aec7b29960441f740876a90acb2684287cbb4d420e70ea85d016f0c3c26
- SSDEEP
  
  3072:+J94lHFrIX3WCISceAoW+SX2DtulR7ijBA5NwIvPCEh3Gr93ZZ7xhY+h9HumW:AUDomoWfmkk9SNw0P3hYLpbBW
Score

10^/10

discovery sality backdoor evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  5e1b4d6318e6841bc05110ff2fffde08
- SHA1
  
  14fd68255e5992afa3affd35e9ad37a63207a8e7
- SHA256
  
  f527c375be190b78c063f95ec103cbac2e6c231ca28242f47d7b8771a4200fa5
- SHA512
  
  dc5f14b24590830a1588acb0360a6574cdd5a185772e93ab38116acb6e6744f42c85b134516cab470f736816c77691cb2c512ea9f79d0346d6eb789bc94eb538
- SSDEEP
  
  384:HLbZ+21yxu6kGxPcSkfWpATCzic8OvNV:rbj1yomESkQNoi
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  9KB
- MD5
  
  29948eac267f1f3a618adccffac4a6da
- SHA1
  
  501a6ed0d063bea025e292d87ebc8a2ad6909639
- SHA256
  
  53da28f1a771ede7149d58b9fb8bc42184494202065f68dd2a19e7800f084999
- SHA512
  
  7cf19408eb0f2be7423c6e199c1bbd016cc1b469a4f4d53aeeb63afdf0d3b5f50310c034ad7b5da58b1e8a34a90ccbfe912ac08f13fcce3df98e085820f600c2
- SSDEEP
  
  192:wVS+6oMnQ5TWgWsMI4R5Or5nQU39FYeknC:w56oMQ5TWlbI4RS/FeC
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  15bfdf6af53021cc43d20d4cb32c487c
- SHA1
  
  efd9ec82c81a886f0b04222961c26f6822051d95
- SHA256
  
  8a846161651a5363d5e19a97b8677bff832751c1eecebe888528e303136d4706
- SHA512
  
  212d7dd912e47800b59aeb3eec7cfd3616c09aae2c03b583c7c075f6a880e8570c2ce50419ae0f42aaa3500ef7135be49c29862f7190160136e68cc93cf762e7
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  84KB
- MD5
  
  fae3be7a9827eaa3ef9f43832805e110
- SHA1
  
  0888a3ed318f17bf39e3c9af5848c965551b31a5
- SHA256
  
  65aac0490feb6cb70ef76b39d3f08f61172dfce998fecf56a25c3f10d5c754a7
- SHA512
  
  39d0496614a390c2e97636bd1d252c3cba8c0c28a7245f631cc7b7195bfe224cb176c97adbb92824df8db5e5340d5255171eabcac0da548385fed0d81578c6c2
- SSDEEP
  
  1536:u8Cqsfjs/9/1EIilbXDlK3bvjcajr6SlbG:u8rsfj+99EIUXDobvAaySl6
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/uac.dll
- Size
  
  16KB
- MD5
  
  4e1c46e37af4b3ab0036cb1e85c81608
- SHA1
  
  8424a551d819cdae44d95a80af24a502d7e25ac1
- SHA256
  
  468d24e632789e5d2e740bf7b084d72e4e3784ebc19d77dfe4b3d866bec8d789
- SHA512
  
  9a2e140238bc6e4492cfcd022930b4facb3ca61d498febce949b36b526ef5ab434d94d0811bf958f572d1cf141b4411fa7950551244926a93d69b68d8fd33df6
- SSDEEP
  
  384:hY6sgOopYKegm5rDXLGt0NVHkGdeKjz3Ro:hYRgfYJgmFLdNVHkGd/z3R
Score

3^/10

discovery
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Sality family

UAC bypass

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12