sality

Sharing

Copy URL

Twitter E-mail

General

Target

ef52d5905bb3e14987569326b97d718a_JaffaCakes118
Size

201KB
Sample

241214-sbmwwavre1
MD5

ef52d5905bb3e14987569326b97d718a
SHA1

82b1a7449af9d3ec588375ebe5cfd0b85c19e26a
SHA256

107f92b749ac7c7b2af15667e0d9a9486a8f9cda00db89963b7fb35763256e18
SHA512

b96a9c9e5c25a1b347dbaf71ec313bfd6cbf01045aaeed2009bdf4cf014ec2d93c9cd15f59316b66c7db27808be86cac4cd11c61f4dbafe0b0f89af35b422a92
SSDEEP

3072:2KQXtF/sDHmJ7HzTf+02KCTcbWSzL1dcrN4Z9n92JOttLqu5G5vZMZ/Ic6hqhM:2NM8zR2evzL1dGN4ZeAbLqu5avSt6hqS

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  ef52d5905bb3e14987569326b97d718a_JaffaCakes118
- Size
  
  201KB
- MD5
  
  ef52d5905bb3e14987569326b97d718a
- SHA1
  
  82b1a7449af9d3ec588375ebe5cfd0b85c19e26a
- SHA256
  
  107f92b749ac7c7b2af15667e0d9a9486a8f9cda00db89963b7fb35763256e18
- SHA512
  
  b96a9c9e5c25a1b347dbaf71ec313bfd6cbf01045aaeed2009bdf4cf014ec2d93c9cd15f59316b66c7db27808be86cac4cd11c61f4dbafe0b0f89af35b422a92
- SSDEEP
  
  3072:2KQXtF/sDHmJ7HzTf+02KCTcbWSzL1dcrN4Z9n92JOttLqu5G5vZMZ/Ic6hqhM:2NM8zR2evzL1dGN4ZeAbLqu5avSt6hqS
Score

10^/10

discovery sality backdoor evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  3KB
- MD5
  
  8614c450637267afacad1645e23ba24a
- SHA1
  
  e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2
- SHA256
  
  0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
- SHA512
  
  af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/newadvsplash.dll
- Size
  
  8KB
- MD5
  
  e961d94e43e3fe28f274d6d616cdbbec
- SHA1
  
  ce02590f362d972cf9e2e3bf53e8b43724f6cbfb
- SHA256
  
  4fd4bcdd7114e4616920a20fcb68be7d842ce3615ed10783b603ac5804c80b96
- SHA512
  
  17cbbba6e9807126bf9f2da349e2f8263ab353637d0e54acfc3c06a19134f5b2c1eaeaea8819a735a16e1dfef3861054f482bffdd39cc7df71f99831cbbedf0b
- SSDEEP
  
  96:upEck3GMVT6o1usQh2BGiCrmkSHz/nT6rPlbLv1bLyNyrc8eeYtMXR:upErGo6o1uv2QiC0/T6rPldwEch1yh
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/registry.dll
- Size
  
  16KB
- MD5
  
  ad0c39f7ff92b650511117ffa94d2a65
- SHA1
  
  f99d3932d09b3a883ee7c16465e681e2d0a90bce
- SHA256
  
  45e8054f0ac9b39a187efc0365ab871ed3fbd16868721ad3bc9fbbf4f83a64d2
- SHA512
  
  3210047bc5827535d0059a2acce84b86b96ea93d29d0829fb2a2d8057fd5245e172258778e2b3c0cf1134f89699e9b83c048656e42eb07b9dac29f20eb53528a
- SSDEEP
  
  384:iWL8hUOdWHxlS5ecK5UnkMWVGqr+GVko6iVV0jKY3i:i6oiHxlSCwCGqqG2iV+K
Score

3^/10

discovery
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Sality family

UAC bypass

Checks whether UAC is enabled

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8