sality

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_840fa6ee06fff8d84a2773e8ae922156
Size

183KB
Sample

250203-d73jwaypa1
MD5

840fa6ee06fff8d84a2773e8ae922156
SHA1

578ca844543245c67e88aa8c71664035f4b18d76
SHA256

52f79515018dba7417e433c71b09a951015f69827f30b1ca0db3688a2a21d65b
SHA512

b6ca765f0fa3193e0e332e3a9f730309b88491327c6c35eb543343d8e8997e70f9643347ed875156d18403d56e1139e74f7f462aab2c36130197ad2188b3d55d
SSDEEP

3072:DLk39XKhYXJlq+JNu/9P0qO5dqAv9efWQFgn8PInvqHUE9s2giM0vxj+hyv8umc3:DQHK+3S9MqODvULe6mCkbeRmu

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

- Target
  
  JaffaCakes118_840fa6ee06fff8d84a2773e8ae922156
- Size
  
  183KB
- MD5
  
  840fa6ee06fff8d84a2773e8ae922156
- SHA1
  
  578ca844543245c67e88aa8c71664035f4b18d76
- SHA256
  
  52f79515018dba7417e433c71b09a951015f69827f30b1ca0db3688a2a21d65b
- SHA512
  
  b6ca765f0fa3193e0e332e3a9f730309b88491327c6c35eb543343d8e8997e70f9643347ed875156d18403d56e1139e74f7f462aab2c36130197ad2188b3d55d
- SSDEEP
  
  3072:DLk39XKhYXJlq+JNu/9P0qO5dqAv9efWQFgn8PInvqHUE9s2giM0vxj+hyv8umc3:DQHK+3S9MqODvULe6mCkbeRmu
Score

10^/10

sality backdoor defense_evasion discovery spyware stealer trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Disables RegEdit via registry modification
  defense_evasion
- Disables Task Manager via registry modification
  defense_evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  35KB
- MD5
  
  2cfba79d485cf441c646dd40d82490fc
- SHA1
  
  83e51ac1115a50986ed456bd18729653018b9619
- SHA256
  
  86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
- SHA512
  
  cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
- SSDEEP
  
  768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  13KB
- MD5
  
  bcec2a6095d38abc192a68d094c302d0
- SHA1
  
  9e88c5b957b45524690513b75d81dee259d5d599
- SHA256
  
  446000200eff4f9c20761ce1680902daba190c81a57154f4917b1741d7800e3c
- SHA512
  
  b48e85a17904a104eef573358763a0b1215eec96f72f83ff544d2dab22737bc42411ca505adf3f7e95c6f7e7997ad3e408f258093727105b678d5eee8d8e6278
- SSDEEP
  
  192:mNnXQprEE3vHosEWFt6F5SLdn93YUCzj7qUFVWsSCDLjcOq98sswY:WnXQphvHJFoFe93D2xVWsSCHZq98FwY
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  7579ade7ae1747a31960a228ce02e666
- SHA1
  
  8ec8571a296737e819dcf86353a43fcf8ec63351
- SHA256
  
  564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5
- SHA512
  
  a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  24KB
- MD5
  
  ef630cf1898c257df36b1037bd1e5392
- SHA1
  
  b2c47d9a741d2b5391387059552b37f2daddade2
- SHA256
  
  41776a77b4e3bba1c3e70d10b9f560248148b8f2c45d39d4cd8683754112860f
- SHA512
  
  986b405d723294ff5b3649f899bc048c5693bd386dc3f489b390ccb1d56e8e65a9dbe6d0863d553525ce93d505a162eaa087faf4b4c5133345c3330d01327211
- SSDEEP
  
  384:TzBnI67jSmHQvw+Bf4HD4Cza5Sh2ze7VW3Pvg5TEnzuomuHya93ld0Ac9khYLMkY:TtIajSmiw+iDLth2ze78PvgynzuzuSaf
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10

discovery
behavioral13 behavioral14