sality

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_44f3e4b29a8780b3b978cc583b39ebb0
Size

242KB
Sample

250101-dms5pssmf1
MD5

44f3e4b29a8780b3b978cc583b39ebb0
SHA1

c9e897bc7f077ac61fefd1a3910cd27414e6a713
SHA256

8380d2b9c779f7fcbf1327f8881197710f51c5cea01742c9acecdfd2bca19672
SHA512

e2c4c16021258b279ccf30d7b711dfa8a7bc40a07e62d77052d8aae0f8af57736b2e1d1692659a5ed8f59d71793469511b762fc5b01266ed431261dff376981e
SSDEEP

6144:XRx9K6hMTX4TPs0PoIjIKAs8LfffihaXV+l/wggD5C:46hZ/PoIcKAs8TfihaXMGgg8

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  JaffaCakes118_44f3e4b29a8780b3b978cc583b39ebb0
- Size
  
  242KB
- MD5
  
  44f3e4b29a8780b3b978cc583b39ebb0
- SHA1
  
  c9e897bc7f077ac61fefd1a3910cd27414e6a713
- SHA256
  
  8380d2b9c779f7fcbf1327f8881197710f51c5cea01742c9acecdfd2bca19672
- SHA512
  
  e2c4c16021258b279ccf30d7b711dfa8a7bc40a07e62d77052d8aae0f8af57736b2e1d1692659a5ed8f59d71793469511b762fc5b01266ed431261dff376981e
- SSDEEP
  
  6144:XRx9K6hMTX4TPs0PoIjIKAs8LfffihaXV+l/wggD5C:46hZ/PoIcKAs8TfihaXMGgg8
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  7e49eb67f1f3c62bb8c4b0a868b30645
- SHA1
  
  2be42e3c6059485bc3b624a537ab1fb36a10a263
- SHA256
  
  17f0946e0847bbaa6a06eb58aead13fce22a8606e9b3744cd2241debdf8d8bae
- SHA512
  
  469c28b6da5b9499fd417f8cd74414d6c6edcbe6567eecc9421a69797a77ec323936deb96cd151611da57e311074ec0c56d82a9800d7aebac9538a947284ff9e
- SSDEEP
  
  192:/6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTSK72dwF7dBdcQOz:/6JaVh4I5rpPbTS+BdhO
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  de86f5220bcbbac420fc4f6166bb2d91
- SHA1
  
  d0d52fdacbcffe0058cedfc20cf5108475033f5d
- SHA256
  
  7f3057abae7e8b5b91a35fbb23897657accb8c724e923d5d4a0e9208ca09c445
- SHA512
  
  d22f7807037c410427518891dee5dd535361df514ce0980a654d99d32f369b5e9c2059bc5930d807e93ebb3b7741d09466dd87bb796256daf9d8a630280fbe99
- SSDEEP
  
  192:mO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1afgMO:DKAFERdlxhGRYUzqZaf
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $R0/DelFile.bat
- Size
  
  88B
- MD5
  
  47b65094daedc3fed42669a8cd583556
- SHA1
  
  18568606d880bb090c5c54ed68b031f99fe02954
- SHA256
  
  cf4839b27b260bbfaf89c1ce7ef6cc426cda4b5120d6adcf447a77b352913db8
- SHA512
  
  ff2d7d2b2bebfde4eb331b4f94cbd39a9a238f2b8cd5d6f463c84ceedc5e372458ef402b960e2c6177de26a7e08193ea3a845c3eab3b002bcfe19bb5e5927f92
Score

7^/10
- Deletes itself
behavioral7 behavioral8
- Target
  
  $R0/DeleteFile.exe
- Size
  
  236KB
- MD5
  
  f4cee4ec36ad2cde717edd940528fba2
- SHA1
  
  fc71db69abdc7679fb4e6b3ca31604a68a328ccf
- SHA256
  
  2aafe1803c23ce34522e6d34835eac40e7715b11ccada95a256066a9a38426dd
- SHA512
  
  a74d5126519aba5ec2855a84bdd3e137ad1dcd6c94eafe7e6c7835979a7a2580f7a366bb3e8c7facd1f42003bfdb5525dde457d19fa698dc5073e91a30c9f321
- SSDEEP
  
  6144:M8zYtf+FrxEgR98CLko+j3hLdjJkzeeIuMEP:MLf+Frx5/8CDohQfMEP
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral10 behavioral9