sality

General

Target

JaffaCakes118_85c92d8ac2e11e2769f0d22667afe63f
Size

256KB
Sample

250203-hvy35stqft
MD5

85c92d8ac2e11e2769f0d22667afe63f
SHA1

3ad47c3569d4d815d2f73111d7a67b6d1a14d1d8
SHA256

47f6ad8625735cfc195412ae5a878e02e8db6b06ea0a31dc12f1bd105feb0e81
SHA512

40564af5912a0fa955ea650a37ee8ac0b99e36766011a34b6ebd2ee45761274bfacf8d6a681395024e55963ae4d6db88d14feb3919fc86ca793ed41ae7e916fc
SSDEEP

6144:BzhZLUjD56i5v66oPku3gyBd8Hl3FmcjnU5DOfjZFmi:BzhJUjD56a0g4Y3FmynU5DOrZFmi

Score

10^/10

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  JaffaCakes118_85c92d8ac2e11e2769f0d22667afe63f
- Size
  
  256KB
- MD5
  
  85c92d8ac2e11e2769f0d22667afe63f
- SHA1
  
  3ad47c3569d4d815d2f73111d7a67b6d1a14d1d8
- SHA256
  
  47f6ad8625735cfc195412ae5a878e02e8db6b06ea0a31dc12f1bd105feb0e81
- SHA512
  
  40564af5912a0fa955ea650a37ee8ac0b99e36766011a34b6ebd2ee45761274bfacf8d6a681395024e55963ae4d6db88d14feb3919fc86ca793ed41ae7e916fc
- SSDEEP
  
  6144:BzhZLUjD56i5v66oPku3gyBd8Hl3FmcjnU5DOfjZFmi:BzhJUjD56a0g4Y3FmynU5DOrZFmi
Score

10^/10

sality backdoor defense_evasion discovery trojan upx
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  959ea64598b9a3e494c00e8fa793be7e
- SHA1
  
  40f284a3b92c2f04b1038def79579d4b3d066ee0
- SHA256
  
  03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
- SHA512
  
  5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- SSDEEP
  
  192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  08e9796ca20c5fc5076e3ac05fb5709a
- SHA1
  
  07971d52dcbaa1054060073571ced046347177f7
- SHA256
  
  8165c7aef7de3d3e0549776535bedc380ad9be7bb85e60ad6436f71528d092af
- SHA512
  
  02618317d6ab0302324aae4d3c5fca56b21e68c899e211cfa9412cf73820a1f931e56753c904fd7e510c638b4463aedbfe9536790279e096ea0387b67013e0c4
- SSDEEP
  
  96:/Uspq2y5jOEEQrhySvUgfj74/vvrTBzfYZA4YF3Telac1nIq/2:/erjOELhySv5f2vvBjiAflaB1nIq
Score

3^/10

discovery
behavioral5 behavioral6