sality

General

Target

cea5b644c9d8ba538a51eb15b5e138750e35e79c16ad404a683f3f17b9bec38d.exe
Size

1.0MB
Sample

241210-rft1basmgr
MD5

b070c84b1a2ac1d2cf4b39dd37a9b3d5
SHA1

af69b3b51040b56df18b83f9b215e16f37803b4b
SHA256

cea5b644c9d8ba538a51eb15b5e138750e35e79c16ad404a683f3f17b9bec38d
SHA512

c77940d28b567746a040a4f16b75691d722812599273041144ec1f01f863204d74498ce7d83775d1de2ab3521d27e42c5624af03548b2fcaefef74061bb70ccf
SSDEEP

12288:MYEWcMwLfzH5BUdtsKR0yCKM8CxF7h5NGyENSrzXVoGsqACwUeCCbSzVczdDsgch:MYUk3X5N2FXNGCrZEqACXeCXcdve1z

Score

10^/10

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  cea5b644c9d8ba538a51eb15b5e138750e35e79c16ad404a683f3f17b9bec38d.exe
- Size
  
  1.0MB
- MD5
  
  b070c84b1a2ac1d2cf4b39dd37a9b3d5
- SHA1
  
  af69b3b51040b56df18b83f9b215e16f37803b4b
- SHA256
  
  cea5b644c9d8ba538a51eb15b5e138750e35e79c16ad404a683f3f17b9bec38d
- SHA512
  
  c77940d28b567746a040a4f16b75691d722812599273041144ec1f01f863204d74498ce7d83775d1de2ab3521d27e42c5624af03548b2fcaefef74061bb70ccf
- SSDEEP
  
  12288:MYEWcMwLfzH5BUdtsKR0yCKM8CxF7h5NGyENSrzXVoGsqACwUeCCbSzVczdDsgch:MYUk3X5N2FXNGCrZEqACXeCXcdve1z
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  cae8cbe148469accf1ccf9692316e8f9
- SHA1
  
  64e9308e6b541ad99c6fe4dc90829c7e17794ea4
- SHA256
  
  8a27ff148592c3bdd33e5e9e87b9b05f54a1c136d002746696aeb9e9bd426395
- SHA512
  
  72f1c7ec5f272d51c3f712c3b03eead35c3c0540adc5cd1f27004fb659f384720aa841f32fb76ada506398be767c3851633c95755af9af3d6b8980d74cee1023
- SSDEEP
  
  48:SdcTYWeApYxYlxamAWHN+EuWkGWBBWAGGrx3pMt4z8mtJ73NofYZVSA:QZWGSxamjHNDuWRWBBxrhSbmtJ73RV
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/ProcDll.dll
- Size
  
  1.5MB
- MD5
  
  0d360c149b2c6649637985ee8b0a90a8
- SHA1
  
  2b86f26310127645bc0c758ddf1fd0f42465b053
- SHA256
  
  9088ac40d822a32efaf756d4d866faa72e69070d691907adfb0dfe916ccdb05f
- SHA512
  
  96342c15738fc766ce7ea65b5c4a18829d68cc65f1ce931733820d9c9bda4e8bf570f90e26726b063eeddfc40bf454c6ae7751936c5d085cbc03d7f6989f7091
- SSDEEP
  
  24576:PeQZyM8hOwcMRkASS2dTY1cPycfaxS0EwkNSoTo54Qh+ba3UdyjfDIvvIYu6aQjW:5y5hBSI1cPyO90kdycJuwj2Km
Score

3^/10

discovery
behavioral5 behavioral6