sality

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_6b7b835bbbaca8fef6786c9d7b775ee5
Size

12.6MB
Sample

250131-srn4wayrat
MD5

6b7b835bbbaca8fef6786c9d7b775ee5
SHA1

6fbab98cc37e39b5f1c102dfba2c9247073f47f0
SHA256

7e444894dac4b01faf8739a339bcdd18e0bc89fb6cb84204d55d7421da157522
SHA512

1b50ba624a32b90612b0f88e674b2f7e1816a53393e09f27237d76f6ffdbcfa6f4d2ff340b33b6e0fffa685ead9292de34508b32e57e7de3642da5a654f81a68
SSDEEP

393216:2cE/8Jcv3HAFQOIbwBGAZQI+ePnYhWZlIkNMFLi:68Sv3GQO+wBYICUKkek

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  mini pack/DSETUP.dll
- Size
  
  34KB
- MD5
  
  4f5f399a970a921f883975a2228a1c8c
- SHA1
  
  f2c39bde79a6d91f8e35dd4eee5ebed4573c5615
- SHA256
  
  0fdfff9a5db0bd4b16a9663a6616308c511a21e3bec0bbed60ddfa2597c73acf
- SHA512
  
  7a03587c77eaad433fb49694b9cabbc0bda8e8554a97ee3ec63ca09dd7df37cae0031c1b9b52ab4d76d45fd847adf5a7680bb0dc803166ce4fb4cfc12aa017ef
- SSDEEP
  
  768:7M0v0mWosSeNwRQy1E5MYDgZBC7Q3+jPJmEDUWe:7PdRzeNwp25MY8nC83+LJmEDTe
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  mini pack/FixMetin2 Giriş.exe
- Size
  
  4.2MB
- MD5
  
  cbc4d135cabbe33cfc703655eb79923e
- SHA1
  
  000d8d5bc64238611faca52bf8637563d3270aa6
- SHA256
  
  e5c313051af1a4a70d1c957e28dbd4918eaa500f96974301a3c808945df92719
- SHA512
  
  eeaa3f3b46d4743b4ec5de8b9ff71ee616023a9e303b05664bbbf2a3abafc19916fd4bfafe1e6b7d3bebe37e941d7d730f0eeeffdef9c2e0a56377ad12cc415c
- SSDEEP
  
  49152:AkDLtNez2CtydkWv3VxW16H/2J7owXVcAjsoqrtJIZQyOn9B5d1nj3zY:AkDL5CtyFLH/2bVurtZA
Score

5^/10

upx discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  mini pack/MSS32.DLL
- Size
  
  126KB
- MD5
  
  c873412752cfdc924f8e892110dcaaa3
- SHA1
  
  f65246c6e9b0584cc603cb48de761325b9a0bfa6
- SHA256
  
  47f2a4b637fbace3b569c856ac18c529315fe7659d8b260c9310f91f6a4d345b
- SHA512
  
  09cecbdd5c1637dca657eea233a0a7abbf34d62fddf74484ba03c0bde627e113bf0b3a0500aeba90c60576be32f0d4436fab3dff4e0efbec509455b8b4d7d53e
- SSDEEP
  
  3072:UBk2PIpz3ZXSRttfUWA4unOTHjj+ScH+hZ2ajZEoDESi:UBk2gpz3ZiDtjA3OPC5e/2e
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  mini pack/MSVCRTD.DLL
- Size
  
  424KB
- MD5
  
  01c72cfcaaed3a7564e5b893b7712d28
- SHA1
  
  f6c83fbf9be1f5ab40cabd63dfde4df340cb74c9
- SHA256
  
  9ccc9526a034e337c1db7f4afb60d88130ebca9327287915ed50e87c873e44f2
- SHA512
  
  5f0436e6632e095f9ea59d349cce9fc4497ffae8c5cf41e15114cccba479c0d150d8dfc0b0a2468ed5e9d2f762ecc13279322e736ba14b69223e6acb3f84bc62
- SSDEEP
  
  12288:/Yv0270NrYYCh8vzjLdazkyFnVt7EdvcCPBGYD90Xhjc8OtBfRw:gv0270NrYGTdaoyDBEdFSOtBfi
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  mini pack/SpeedTreeRT.dll
- Size
  
  1.7MB
- MD5
  
  1ac3d612389fa679f5ca3c6bab855145
- SHA1
  
  2f4f279d0c99c112db1adee5a3c324d0355fcbf5
- SHA256
  
  ddba9b9b427d541ebc0bf1221fffc5d56a85d7b8ee0dfe6370a83a133da6967b
- SHA512
  
  847376db96f3a3c1ab844fbf066f4e0e05b203769d7ca04fdf2463e86fc99ea1589054d1cc10ff70e45a5fb82a9e103edc2aa17b76cd94497cd49fedb6e06788
- SSDEEP
  
  49152:dlb1zb1jb1Rb14b1Rb1Lb1Rb12b1Rb1Nb1Rb1Rb1Rb1jb1rb1Rb1rb1Rb19b1Rb3:dlb1zb1jb1Rb14b1Rb1Lb1Rb12b1Rb1x
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  mini pack/artpclnt.dll
- Size
  
  108KB
- MD5
  
  26b7ef7142e838b886fed8159c891a10
- SHA1
  
  cb25dc282da6569f05dd4cec46e32b49199d3801
- SHA256
  
  33520b396ca72c76c21b1295b0b95583203079687c2dd094d44b728c3e09b66c
- SHA512
  
  2eb1c9ef4fa908b45b14b59d3b9ab3dcfc5f1df37289180698e6bd67355329ca63630a78ca0deac691d5affd97431766c388dd6052d1f19c1986d002ed1c4536
- SSDEEP
  
  1536:oa90siKrETrDt/LQSbXD+TDZJ+F0SMSlFU7c0uQLtZKwJnhIZMNNWBD:o6E3DNDQQFfUw8tZKwJhE6WB
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  mini pack/devil.dll
- Size
  
  263KB
- MD5
  
  8df4d4324e5755f1a0567db3c5be4c58
- SHA1
  
  313a23600a169adbe130b1ae1784d8de437ce7d9
- SHA256
  
  9792df088f4301012bb024979aa9b10dc1c40a3e2e801bb47ff2741af5d6a066
- SHA512
  
  934cfffccee0f51ba78c4374c79c64e2f3e9b379e722be85b30489ab3443e0cb0db25394f87a399a5d62b77a6355e5fab1d887b3fc20f4fe5c3ad63060aaa575
- SSDEEP
  
  6144:G6Yr/mZNHrtJGD4BzmpAYYYuvmXQU6xCb:G6y/mHBJYwKpYYuvmXQhxCb
Score

5^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  mini pack/granny2.dll
- Size
  
  361KB
- MD5
  
  0b2b7950c8c66fc36699719112a7e5d9
- SHA1
  
  f5dbb5f253d0684ad3ecb254305e1855d1bc9ba0
- SHA256
  
  bf8352a753a7b769faa3fdd4b10ed1b95bf5de2b5432ff5c097a7d87bfb6fb33
- SHA512
  
  49ac016f75960cabd34ef3b45e110d4998d2226d251de8705dfbc604a6e95243721f3962c719d78745960ed004ed8da3e5279f4ab4f9e3fc6f905eb96cacd798
- SSDEEP
  
  6144:3LrmxvIvVP1+aS3MxHVBz46dXc5W2D91QPGEs29h:HmxYu3uHVRVs5VhWh
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  mini pack/hshield/AhnRpt.exe
- Size
  
  832KB
- MD5
  
  8f5ce478e09065a26d0aa1ab451ca5cf
- SHA1
  
  05b5b5d64e69101954558f38a885713f27f28da5
- SHA256
  
  a11d36455f899df98977d8695c7bf68033838dae49c613101e3fce52e5b0544e
- SHA512
  
  1409d5ea411ee3ba4cc5bd57b8dde70290d49ffa1a7236f41266a76a852c315cde9b88313a03193c9bf45a42312fdb2287083c858167e5480aa74b8330fc3979
- SSDEEP
  
  24576:42EkgOShQAUCSMcpHexyKTcCLqNeZoTUYrKMj7:42EUAUC0ZexyDCLMYyKMj7
Score

10^/10

sality backdoor defense_evasion discovery trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
  defense_evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  mini pack/hshield/HsLogMgr.exe
- Size
  
  110KB
- MD5
  
  ceb6c2c0d5601691d9f8d45c89c2bf77
- SHA1
  
  7462b8ff12cccb5b49b1255a4ae293e8ee48aa87
- SHA256
  
  386d320e2a30ead6ae9bdd2cb75ed5d824e01b530b7923dc03f2b09b627a7535
- SHA512
  
  aec32a22f93d5443e1e551ea06405df4cc7b516d12c430cd69db7f9f91a634ee7fe4e922fcf7aab78bdd9a915838394b4ffeac76ef1c7609e0439e18eee19460
- SSDEEP
  
  1536:VTeGoniPox8OwRh7dsw0wcLxoge4P/aZJWg5gqKCfDo:1ZOwRZl0Bagee/aZJWg5gGE
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  mini pack/hshield/ahnupctl.dll
- Size
  
  162KB
- MD5
  
  ac9fcf6413bb1c121b28012ea125c10f
- SHA1
  
  3bd5cf5a6fc9cfd9bb768ee100b184feade324d6
- SHA256
  
  a67f92e4617c06907e08d4d38c1ec18e5bb66a55bfd301172d558d508c666af5
- SHA512
  
  c7c8af20c9294faafd2140f7130a26424af74865b817712b1a42fd848fe9de62c778132e56bfa7325903cc0e4e274bfd97610f730b7bac1c1b7146eb0f33974d
- SSDEEP
  
  3072:oR+yzIYYPbowelqwnJdjeXjTZGJyltxOjbAW9SUX2a:i+Tcv4wnJdjetxdWl2a
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  mini pack/hshield/ahnupgs.dll
- Size
  
  179KB
- MD5
  
  0611ecc4fe23d2967580cc80459d33f3
- SHA1
  
  dbd1c23feded9c5286e781cf78077f1457dec3ea
- SHA256
  
  786b445a844656afe8da4398b7dc3d4d22b837003bd4c59f733531e6e13089f9
- SHA512
  
  23b627f2e37606e17deb55e38e66a1243106e3fbd2b21ba78784a24f1738d27d3d628d6bcca0571cefc6ccb9915e8750e2152a3e6353496dea90ac41fba54b6d
- SSDEEP
  
  3072:VR09eT7laZ6lylqlVVadiVypqVa1MJlQ84oB5AVsIIhMaL/Y4H6QfttsnPlKAeLJ:VgQ7laZ6lylqlVVadiVypqV8MJmhoB5z
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  mini pack/hshield/asc/asc_com.dll
- Size
  
  82KB
- MD5
  
  c420696d15e9c068e4ad360eb5c7eb3c
- SHA1
  
  e2ddfeee895e2402d06f498b8464710ddcbded98
- SHA256
  
  9d2275652331e9b886285a1874909e89dd4f68e53d36e440c02e04be8ef4238c
- SHA512
  
  80c43590450f20802a53f4f1030a4994242322e0be454cf3ffe1c33c9ca4e6b30de54ba9c4a90fac9920e4240415cb832bd3153157d341498586e9f4d0ecfd8f
- SSDEEP
  
  1536:9ua5JvMCaGbSo2kEzRIzXI+0SOCX9n6udh9PGtaCGDg:9vGysRIzXIsdh9PGWM
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  mini pack/hshield/asc/asc_dh.dll
- Size
  
  74KB
- MD5
  
  f1a78c98b27c16d198c1f8a4ee3c9cd5
- SHA1
  
  0b2835a79f98daa5d3e364d2ef4b57bdf05bf5bb
- SHA256
  
  16cb441ee6262bdd77a02c0a7b79c94e0bac112d48a75260f3fc2175135a2c68
- SHA512
  
  e7c5bd63a2d13c2a225255ecb3ca87001e465a76f124cfe50d73ecc330d7e9779264ee66b478d5ab181da3284f93acfef926c1d1169a8045dae4dbfa0d7f88a9
- SSDEEP
  
  768:Q1+3dLtmpiqfZ2+pqJkZfN00CeM0qpRZE7zmEHT8uElLL2bCGMmt:WLiqfZ2wqJkznCeMNRgTz8uElLaCGDt
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  mini pack/hshield/asc/asc_fse.dll
- Size
  
  30KB
- MD5
  
  be7a8a2fa93e53deba08d89846f690ff
- SHA1
  
  811ef169e8044b3487c15f6a0e6383f3bb9cc5a4
- SHA256
  
  956aae2005076f8b6d7aba02545ae1b86fcc9f4d6564273cd2f071970ce57b59
- SHA512
  
  e83a4fbc3f62685f91d2b1840de60c8bb73c2865784fd6767add101492a2fe4d3e708e9464f5d8b5938914da342ecb8503a01b861c94b50abf1b74a05618801f
- SSDEEP
  
  192:9546tFe6AmGAd9vOyowJL/wf7z+ebCfxUDOY3Qpkqs1I5Zgjl9Kguo:v46K6DGAd9mYJLmlbCmOw1M6jh
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  mini pack/hshield/asc/asc_intg.dll
- Size
  
  46KB
- MD5
  
  3adec19dfb0a85e77a914a8e27e4627f
- SHA1
  
  d61d4a0cd0502d6b3082eca8ae3e46243a48c1b0
- SHA256
  
  c02dea04613e4a8d060712775bd9d390e97747436c9852090faa0339963b3a7f
- SHA512
  
  bdd20b2f5f71912b81a17a53f5d6cfd3d8d972590ff653ac7f9ffaa76b4d77240866731fc55db0e5e1e5ef9c892f4d0c9bb0b9d28367d842e1dd6039f854040a
- SSDEEP
  
  384:yrRX6TUUryRaCY3uV7WssQz6QaQKMrL+lyPGRKxSGzUYJLmlbCmOw1M6jBm:AX65NSUyPclyZfz5L2bCGMmBm
Score

3^/10

discovery
behavioral31 behavioral32