sality

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4b7dadc8e5ebc4b39c8ed4d4f8b3a450
Size

161KB
Sample

250101-htc5aaxrcy
MD5

4b7dadc8e5ebc4b39c8ed4d4f8b3a450
SHA1

67ecad9ddff4d0edfce0e96385ece8f05bdf1340
SHA256

4d930a2b4cd1d6c70c11be9aad428290c9d148568833a0061943036882088abe
SHA512

b1696694b99de6928486721af5f1581f55e0bb15b62c27d15775eb96d27fa1630cbd2cf67520a80e9056db8d60d3a6f11dabd2ae1aede2abd056b5be1406a556
SSDEEP

3072:pQI3RTXJ8i0aMI8vP/2z7unqYoPFmSKVZ3EqGsh0QCqaF7NsCwSuXuTfgzKuoBa+:pPeB32/ulo99K/E6h0BqGNswu+SKBa+

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  JaffaCakes118_4b7dadc8e5ebc4b39c8ed4d4f8b3a450
- Size
  
  161KB
- MD5
  
  4b7dadc8e5ebc4b39c8ed4d4f8b3a450
- SHA1
  
  67ecad9ddff4d0edfce0e96385ece8f05bdf1340
- SHA256
  
  4d930a2b4cd1d6c70c11be9aad428290c9d148568833a0061943036882088abe
- SHA512
  
  b1696694b99de6928486721af5f1581f55e0bb15b62c27d15775eb96d27fa1630cbd2cf67520a80e9056db8d60d3a6f11dabd2ae1aede2abd056b5be1406a556
- SSDEEP
  
  3072:pQI3RTXJ8i0aMI8vP/2z7unqYoPFmSKVZ3EqGsh0QCqaF7NsCwSuXuTfgzKuoBa+:pPeB32/ulo99K/E6h0BqGNswu+SKBa+
Score

10^/10

sality backdoor discovery evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  3KB
- MD5
  
  8614c450637267afacad1645e23ba24a
- SHA1
  
  e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2
- SHA256
  
  0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
- SHA512
  
  af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Registry.dll
- Size
  
  16KB
- MD5
  
  24a7a119e289f1b5b69f3d6cf258db7c
- SHA1
  
  fec84298f9819adf155fcf4e9e57dd402636c177
- SHA256
  
  ae53f8e00574a87dd243fdf344141417cfe2af318c6c5e363a030d727a6c75d1
- SHA512
  
  fdbbedcc877bf020a5965f6ba8586ade48cfbe03ac0af8190a8acf077fb294ffd6b5a7ae49870bff8cacd9e33d591be63b5b3d5c2e432c640212bdcd0c602861
- SSDEEP
  
  384:Bl1fUuJHxreh2OatbswPCr64oLchV0oLQYYfVB:BlBzHxrehKbswK2TchDLQZfVB
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/newadvsplash.dll
- Size
  
  8KB
- MD5
  
  9bc6c411efa742a5de7d8372afafa2fa
- SHA1
  
  2b57865e87c7ca2db97d0296d8cbe0183df2c2cf
- SHA256
  
  0cac914c87d4e73875dea8544391e383f441d624ea5ec9a4864d056db161206c
- SHA512
  
  092ef3f13a71a46df0f78a3b5eb4492bee32f1a12be27e0c534638ec7723b2a9aac23391768c352289df6a8988cbc6cf96ea22d8f1983b5ccf609e08d1db4bde
- SSDEEP
  
  192:7p/MyET9lrRyFJb9kSw/T6rz91YrLV1hiI:7p/MyET90k7/T6rB1Yk
Score

3^/10

discovery
behavioral7 behavioral8