sality

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2
Size

776KB
Sample

250201-2c59aavndk
MD5

764c68cc55891b7abdd68c768e5cdfc2
SHA1

b11965e1403bb088406f531322e8a847601d2905
SHA256

5a283c7d6a5eeacaad0a28780ec39037a2baac74dfdd1c2d7a372560b03e6833
SHA512

6c813c0d0c0b6ddffe6757ec532088ea1649740a602913a89e6e23937585c51c2715c15626ddd847fba0359dc7c8eaf0fa327bd86e81e3c64312048ad9478f84
SSDEEP

12288:jQCjbTv7BdOmF1FHYSqZTSuXHoeaWjezQC6Q8D8IwSec5F2XZdJ/+g:XjbT/UZpojzxZ8DSO8XZr+g

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2
- Size
  
  776KB
- MD5
  
  764c68cc55891b7abdd68c768e5cdfc2
- SHA1
  
  b11965e1403bb088406f531322e8a847601d2905
- SHA256
  
  5a283c7d6a5eeacaad0a28780ec39037a2baac74dfdd1c2d7a372560b03e6833
- SHA512
  
  6c813c0d0c0b6ddffe6757ec532088ea1649740a602913a89e6e23937585c51c2715c15626ddd847fba0359dc7c8eaf0fa327bd86e81e3c64312048ad9478f84
- SSDEEP
  
  12288:jQCjbTv7BdOmF1FHYSqZTSuXHoeaWjezQC6Q8D8IwSec5F2XZdJ/+g:XjbT/UZpojzxZ8DSO8XZr+g
Score

10^/10

discovery sality backdoor defense_evasion trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Common.dll
- Size
  
  1.1MB
- MD5
  
  62e773412738d8592ef806d9d206763a
- SHA1
  
  0cb2745efb69c2a9143c7f2afab1f17abfb21b29
- SHA256
  
  deb83bd5011e0aeeaa3e0519da2ad7fecd93910c6d314ac95c0cf5301a696d2d
- SHA512
  
  0c4e60cd33708ff3e31e0a75f1fc3477581cb1569db0723f5f100f643ed655e673a7e3ab68018bbc84c7d8694d2c59d8c67e1a7e78a72834326868599a77f9df
- SSDEEP
  
  12288:RwsD/OTVfCnLgMPvmXY0p2O3GSSpk0Q2O4O9OvtJAhOx:uGmUvvUBMO2SEXOlO1JAu
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  13KB
- MD5
  
  6221eb22d580e9386a9df685e1d1cb58
- SHA1
  
  1dbb2cf032da217383c2b4a7ee0f520d82fff2f4
- SHA256
  
  1c95052ec1667738345ae6ba08628f572cff75fcf7c0b1906e55a10aa1bc15ac
- SHA512
  
  09b51a4956b8eec5f95c44481f9a0359c6aabe3ef81bcd147da4280bdcdf1ac90067f1cd73a23ac1818aff7809ab44d32a1f832e3090deb0a97d6644a5cc6b59
- SSDEEP
  
  192:WkzbXDAOwBM6qDTpyG4m8x9uSPCKRF9FXpVA/KSYgfqAa/1GCfHCCMx1wMdqb:nzbXDAO+M6Yn8x3PC83FWCfHR
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  35KB
- MD5
  
  2cfba79d485cf441c646dd40d82490fc
- SHA1
  
  83e51ac1115a50986ed456bd18729653018b9619
- SHA256
  
  86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
- SHA512
  
  cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
- SSDEEP
  
  768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  9KB
- MD5
  
  a68834422939ba1823fb1f5ac9bee312
- SHA1
  
  09ae60e23f7748bf7c05e34dcc707f4283836806
- SHA256
  
  39c10b2d8b0811e4e94867f1e7fa00e429bd4f89bf86ad2d8cc41da597ea70c2
- SHA512
  
  f87d59584096a73235ebfd581a804c4f97f689a9c39b3d7ce01740a7a10a4bdf7283a062c1d4bb2f97789642d1fe515372706ce0c56d0c10a6ee5e9e3e46c4c2
- SSDEEP
  
  192:6QSQyIbvi2rPUyZMao5RO3xX6yyehxXjB:6MBrs1RO3QyyKxT
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/UninstallVista64MCLink.exe
- Size
  
  148KB
- MD5
  
  3b8a3c6b9d72a1875ec846a2853c867f
- SHA1
  
  77681da2a6285384d100147118385887f27cf307
- SHA256
  
  6d181f2090b66b085bace16eb8add3713a4a472b1caf93be16eb370a4772892b
- SHA512
  
  fba6f61cedb505d14193c47ca656dcd2691b3bf00689ce1759ca389e42efb363f10b765b37dbed76f2276982b3741451198fec2cb9f2b40d416e7a1819571f35
- SSDEEP
  
  3072:tccyOj+ZdJ7ec2bJYxd9p2ZF4MG41hwTbZAH2DmpLEC7C:aTn242rfGJAmmKC+
Score

1^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/UnregisterVista64Ocx.exe
- Size
  
  44KB
- MD5
  
  07150757932eafce7706efd7f3db56bf
- SHA1
  
  de88c5b48c694c1e1de7eb1ed7561bd78c9e1ec6
- SHA256
  
  66ab11b85487c497991a17fc471f69858d0583220f62bc292561b97cc92c6919
- SHA512
  
  dc01a95ac9d7e4b6d55606ec8856383357d7b02b7949891314bb2c431ce961795c3229dd4f99544251444425b6aaa2ea1240c95db55d3cc7691c8e115637a426
- SSDEEP
  
  384:ex47Bohb8M7itdUm5pKhLeUxq1uuPEYCr/uRejdTDW1RpPLI9HTXOu5Bqz6EtZda:exYGhZCU5e2u2rr+xPmz+ONEtfH
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  3KB
- MD5
  
  987adfbe3c777b9fa35875302eac8d22
- SHA1
  
  def74308b0c7ae2036d9d0e1306d4c7158bdb6c7
- SHA256
  
  3925ee3235f1acb0acfac6bcc71a311de75792ff81e7b55bc9124319198f7bd6
- SHA512
  
  9b3b1b2ef1dabba63b91dd6a8879f1137c3b3e7394afc99f92a6cacd74b1eda286e33b3817d0634e489425f031961b5a647aaee4efecc99e4057a7fde01cb8ad
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/certmanager.exe
- Size
  
  7KB
- MD5
  
  95618dd2fe0993c94f271499237f5cc1
- SHA1
  
  f8951e13e772305d51edf0572db4a2d82093482b
- SHA256
  
  0fe02c632a646e8e9ab83a6e2c36869a1755cc11181a7b81ad4ec14ca0b63d52
- SHA512
  
  51b0fc930163bf1189e3349647b014ac1f9110842e77ad34739fc3cd8ec303be103e3c40608d8ca271019d71eec0e29fcd04077e3529052801f783dbb9b2d73c
- SSDEEP
  
  192:KRRe2Q2fX2gugVDApJZf98ATZ8ePjfHNO:0/R5UnfXTjfA
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/msvcp71.dll
- Size
  
  488KB
- MD5
  
  561fa2abb31dfa8fab762145f81667c2
- SHA1
  
  c8ccb04eedac821a13fae314a2435192860c72b8
- SHA256
  
  df96156f6a548fd6fe5672918de5ae4509d3c810a57bffd2a91de45a3ed5b23b
- SHA512
  
  7d960aa8e3cce22d63a6723d7f00c195de7de83b877eca126e339e2d8cc9859e813e05c5c0a5671a75bb717243e9295fd13e5e17d8c6660eb59f5baee63a7c43
- SSDEEP
  
  12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/msvcr71.dll
- Size
  
  340KB
- MD5
  
  86f1895ae8c5e8b17d99ece768a70732
- SHA1
  
  d5502a1d00787d68f548ddeebbde1eca5e2b38ca
- SHA256
  
  8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
- SHA512
  
  3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
- SSDEEP
  
  6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  5KB
- MD5
  
  cc0c51f8565916332cdd689e9741de4d
- SHA1
  
  aaa24dd0f2e2e4a1e9594e87a7b18c6ec2ed27a7
- SHA256
  
  2775dba74bd7494c983fdf4246eea3ae37263f06ad4c4165de2b0a6d1210d85e
- SHA512
  
  e902e6cc97035f33a6f0d34fdcd27ba9a7836529d3c2b3edfaf18011077fc3198c6c74df4122095e06552ed2e1ad2e20b1b51a3cf39b9cd138171589b6932585
- SSDEEP
  
  96:ZSVdcAWesTaqf98/Pf9RVQuECSUsGorozQrUddV/Esb:Z8qf98H0PURzQrUddV/Tb
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/xml.dll
- Size
  
  18KB
- MD5
  
  03d860bb46abfe3405725acf557dc5be
- SHA1
  
  a5a699600113cebc59462149ceeadc2f33720669
- SHA256
  
  7c6cc5a8092a455e0084a5785e3d248a79144f8145195884f1cf321754fa2878
- SHA512
  
  e999ee2490dc5443245113f5bc02b8fa7b53363d03b30e0447c521e677494cf2d16721637000670a6c7d5db40731104d14729a8eef55912846ebb375294920a3
- SSDEEP
  
  384:iIqKsIvpg7WqMTIWBo+Ck97a1odNXMdkk5:iasIvEGRCkB/8V
Score

3^/10

discovery
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Sality family

UAC bypass

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26