sality

Sharing

Copy URL

Twitter E-mail

General

Target

4369a932cc794beb24a7cb49607d29e00da918be302bf67d2c8fce7f02635bca.exe
Size

152KB
Sample

241222-nlzafawmh1
MD5

ffe46ff29f379462c416c8e7c7816044
SHA1

bc6f80661819aa1611eab73d5ffe368cfe1d1439
SHA256

4369a932cc794beb24a7cb49607d29e00da918be302bf67d2c8fce7f02635bca
SHA512

1a8409df32a7717b5186ad30d4f3613a30739c36e845539836e069d1800a8b0953c38aa58e17b183f76dcd236bfbf3d5467ada1e6d3f70e91b2a29d6a58e24f9
SSDEEP

3072:QvnBaaWJ89cnN5eo749OJo9VD96fzfZNHhUPdcLF3iA:QvncX29cfv40Sf9ENHuPdk3Z

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  4369a932cc794beb24a7cb49607d29e00da918be302bf67d2c8fce7f02635bca.exe
- Size
  
  152KB
- MD5
  
  ffe46ff29f379462c416c8e7c7816044
- SHA1
  
  bc6f80661819aa1611eab73d5ffe368cfe1d1439
- SHA256
  
  4369a932cc794beb24a7cb49607d29e00da918be302bf67d2c8fce7f02635bca
- SHA512
  
  1a8409df32a7717b5186ad30d4f3613a30739c36e845539836e069d1800a8b0953c38aa58e17b183f76dcd236bfbf3d5467ada1e6d3f70e91b2a29d6a58e24f9
- SSDEEP
  
  3072:QvnBaaWJ89cnN5eo749OJo9VD96fzfZNHhUPdcLF3iA:QvncX29cfv40Sf9ENHuPdk3Z
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  61151aff8c92ca17b3fab51ce1ca7156
- SHA1
  
  68a02015863c2877a20c27da45704028dbaa7eff
- SHA256
  
  af15ef6479e5ac5752d139d1c477ec02def9077df897dadc8297005b3fc4999d
- SHA512
  
  4f5c943b7058910dc635bdcfadfea1d369c3d645239d1a52b030c21f43aac8e76549e52fd28e38ba5341d32aefe3c090dd8377d9e105ad77f71ab8870d8e326e
- SSDEEP
  
  192:2OShJI/rmOAIPkWpUybQ9WhP4t5Rwc89XbubZaX5:n6OAOkWWycGP4XRwc2qFaX5
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  2b006bbf7c9295683eddfad40008be85
- SHA1
  
  b3f42a8e2ff172d51418c72811586b11ed589909
- SHA256
  
  9e4440baf56d47ca4cc1f29e7a62d407d1f9524986160b30de5f825a3fedee88
- SHA512
  
  e1cfd739b7f8de442e2fb49c83569e8051492180780d92a4bfaa9c90b1444fd0020f9f596c12820642dd33cbee2c81ec793acb1c8dab1d1bebbe25b33c51efe8
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $TEMP/gtalkwmp1.dll
- Size
  
  68KB
- MD5
  
  f341a096bbc785dc39e0170ff725a7d5
- SHA1
  
  75b233a2fc20ff4a748c65b80c17188f63b9cd53
- SHA256
  
  fd23273a36db53e1da88e2b4ec84ffb720e54f9c6ab8820bf8937e870d64e44b
- SHA512
  
  fe4a237a9b7b100e0b4ae5a2daf30989b3d6744ee7e7ba0a8a3c6322cf390a93fde3cfed79e4593e06f7ff072e1c207b9182623ccdb1b9da02cb412c8096b77a
- SSDEEP
  
  1536:tEAx/fgfg9yE7qnuhyP27auArvBMJlFf:tDxBZqV2evBMJlF
Score

3^/10

discovery
behavioral7 behavioral8