sality

General

Target

e849a572a97e2c481768278f885a774bd60291f9d7aa75954470037709252d4aN.exe
Size

1.5MB
Sample

241207-mfjr5aykcw
MD5

035540cc3211f5648f6aef5998678ea0
SHA1

f55d2aa510d18c9d4f83e3d3b0ada6566a7ae58b
SHA256

e849a572a97e2c481768278f885a774bd60291f9d7aa75954470037709252d4a
SHA512

f2c91ff337cae040c1abf25bef2ecc93827c21689be7ad3ed671ac2591bd7a1d84c68595187ed75a5e5c2887f64b8e4037bdf9fd57a3281324d0a4cab8761a20
SSDEEP

49152:kYyk+aDRiEmsQnMG0N8MZs3nvQFExBibij:hyk+aDRZQMFC5noFd2j

Score

10^/10

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  e849a572a97e2c481768278f885a774bd60291f9d7aa75954470037709252d4aN.exe
- Size
  
  1.5MB
- MD5
  
  035540cc3211f5648f6aef5998678ea0
- SHA1
  
  f55d2aa510d18c9d4f83e3d3b0ada6566a7ae58b
- SHA256
  
  e849a572a97e2c481768278f885a774bd60291f9d7aa75954470037709252d4a
- SHA512
  
  f2c91ff337cae040c1abf25bef2ecc93827c21689be7ad3ed671ac2591bd7a1d84c68595187ed75a5e5c2887f64b8e4037bdf9fd57a3281324d0a4cab8761a20
- SSDEEP
  
  49152:kYyk+aDRiEmsQnMG0N8MZs3nvQFExBibij:hyk+aDRZQMFC5noFd2j
Score

10^/10

sality aspackv2 backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/calc.exe
- Size
  
  1.3MB
- MD5
  
  97e47588a35219417f64ee2184e99118
- SHA1
  
  37d77f2594d3a5e81f4aebe0efdc24506b17f542
- SHA256
  
  fd20d30fb61ae75dfb715837d811250b2dcce0fc40b2bd3af6533dac50860513
- SHA512
  
  39c550d772940d06be3dfdd27ae051a895a2e9887a837131b21ac9470f5e9fb929e8c29d4338cdd8b5406c42973d84546312ac3767c28006a1b77192937bfa1a
- SSDEEP
  
  24576:3k+aDRGujRURnI9krKmsXKSzEnMG9iN8MQCUT9Kkn7/jLztCS6FExvZK8fRcbKJK:3k+aDRiEmsQnMG0N8MZs3nvQFExBibiK
Score

7^/10

aspackv2 discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4