sality

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_029fde9403ed6a8445e674646c4104c0
Size

231KB
Sample

241231-d1f3asvpax
MD5

029fde9403ed6a8445e674646c4104c0
SHA1

2a6a3c327b11d30e00dbef3370275cf4fc60586f
SHA256

c351b4878a034ce7d31673ceeab281922585b1b26a9f520c2cf69f5f900d87a0
SHA512

48141c1c4b25e2a49a5e3ab0b6ee00cc038233c99c38634adde5169b67e3f44d88247eb6b54a2fa7a5af7144b3045de40626fa5a92724381435aad4262dec95e
SSDEEP

6144:Z+2YqOYG9j0CUEI2hd5twlULasDns6uYozF5OwVkS6E:kJEWj5Fhd5sUesDns6BAee

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

- Target
  
  JaffaCakes118_029fde9403ed6a8445e674646c4104c0
- Size
  
  231KB
- MD5
  
  029fde9403ed6a8445e674646c4104c0
- SHA1
  
  2a6a3c327b11d30e00dbef3370275cf4fc60586f
- SHA256
  
  c351b4878a034ce7d31673ceeab281922585b1b26a9f520c2cf69f5f900d87a0
- SHA512
  
  48141c1c4b25e2a49a5e3ab0b6ee00cc038233c99c38634adde5169b67e3f44d88247eb6b54a2fa7a5af7144b3045de40626fa5a92724381435aad4262dec95e
- SSDEEP
  
  6144:Z+2YqOYG9j0CUEI2hd5twlULasDns6uYozF5OwVkS6E:kJEWj5Fhd5sUesDns6BAee
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSISGameExplorerPlugin.dll
- Size
  
  100KB
- MD5
  
  0c2020b9cebdefe01d1ab1bf079ead52
- SHA1
  
  17bdbefce3f24c7b8817bb0499ef407f4bf0df2d
- SHA256
  
  32fa6bae573848b5123734672039e808c9ce93e781f01e619b959c6c4e8fde72
- SHA512
  
  fea74de5eca2d90fe6b35d3ad40ad2b7527448a5cd9f75eb2d549d4aa5e8cbb410a3d9a3b1f3a861689c5f45b949c87090f0349ad57f5918dd1b27e7b26b61fc
- SSDEEP
  
  1536:AqV12BONSINktv/L/52YrzW7kM7FagVvgrcr:PVVSV/8qCktQvg
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  9KB
- MD5
  
  0e4c4e4eb158e3f250ca9161156e74a5
- SHA1
  
  78d055856312c2b9f313877f7f72ca936554095a
- SHA256
  
  60e6e287828dd882447a79018b505bb3be67b0f04fc8e022a57442e249588ed1
- SHA512
  
  eba47ef4d16532df26f50e42bb5650733844ffc94b6f0e9037c2a2854326e9bcf1d6c967f541a655a91452c9357eb4ba1aedf85a2757a560ad4527a8f6b63ebc
- SSDEEP
  
  96:F6MvJGp7txVLdOEuRKfUv2GS45RJZhrks19LbXJs2Wt9NlUUcXLEPSStL:iZL0iU+Gx5RfNF9vCt5bltL
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  3KB
- MD5
  
  1923c3ce705616293c721d5dfc46b7a3
- SHA1
  
  beec6bba81cc80e100243e6b26554e0c585f7734
- SHA256
  
  921d31307a7e93270caa35093893b1799b055ffde2db3298fb9aa495ede7f9a2
- SHA512
  
  b8d584db8fac7a8395e3e5e1fdf12c4d3e5d1bdd78ac00e7467b5c4d279c670834211076ada391b6f11fb833fc8b54f2b3b24d9ecd85727000b1c0138aac8b77
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WT_Plugin.dll
- Size
  
  164KB
- MD5
  
  9f392fdef8b0681254ad916cf0cf6961
- SHA1
  
  ef903a0652696e5c0aad1b271916a1c212bdcee1
- SHA256
  
  0e6a43834e7124c784f958756330dbdcba32bc397bc96fd8ce1672c8c173be27
- SHA512
  
  5835042e78caea5ac25b2ce7c0490643c37890dd83424bf521ed67a97e2faaf95e2f8d9e7626b71f78c1d40e93dd61d3a175d149cf932042101d39fc09c2a77c
- SSDEEP
  
  3072:vfVsuKQwAI+qDC9VK84fDXgnmKXYEJUyrqRJIUCrK9wcJlFeLiUAQJ:Eu9bA8mKXYEJRo/zEL3
Score

3^/10

discovery
behavioral10 behavioral9