sality

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_9e1fc2025ee07b383353b07b44bb5df1
Size

258KB
Sample

250205-lbzr4szngz
MD5

9e1fc2025ee07b383353b07b44bb5df1
SHA1

423562d464799b06bcaff6a8bc92ab546976ce42
SHA256

36be331d0ef90bc33b66ff764d4571b59fad3878a4cb57e8e917ec2a26873da8
SHA512

eadbbe0901de99cfe7be4cb6d33c204725a845289b936e888ff75c2baf16858471e70b905e41dc39224e7afbc3136105950945ec9541db4c5eea7f9f3997381b
SSDEEP

6144:qQBg1suJmdX/520h98sgrD67LRjtX6t1pcJGUg1ZoNj:41/JY/5SrD2LRpK1c8UgzM

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  JaffaCakes118_9e1fc2025ee07b383353b07b44bb5df1
- Size
  
  258KB
- MD5
  
  9e1fc2025ee07b383353b07b44bb5df1
- SHA1
  
  423562d464799b06bcaff6a8bc92ab546976ce42
- SHA256
  
  36be331d0ef90bc33b66ff764d4571b59fad3878a4cb57e8e917ec2a26873da8
- SHA512
  
  eadbbe0901de99cfe7be4cb6d33c204725a845289b936e888ff75c2baf16858471e70b905e41dc39224e7afbc3136105950945ec9541db4c5eea7f9f3997381b
- SSDEEP
  
  6144:qQBg1suJmdX/520h98sgrD67LRjtX6t1pcJGUg1ZoNj:41/JY/5SrD2LRpK1c8UgzM
Score

10^/10

discovery sality backdoor defense_evasion persistence privilege_escalation trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Disables RegEdit via registry modification
  defense_evasion
- Disables Task Manager via registry modification
  defense_evasion
- Modifies Windows Firewall
  defense_evasion
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/EBanner.dll
- Size
  
  5KB
- MD5
  
  cce7bc13dbc3faea7769fcf7727eb19f
- SHA1
  
  59633ed1adc02235ca058883534ff36be4fb3f37
- SHA256
  
  dd519ae6d7fd6df0c32db834df215df2fe7c1d044b800922a58da7f4f00b95ab
- SHA512
  
  21e4a8ecd383d59ef24f590367328248d21c7fe452fc5c3a42ec597f920e79caf6a8047babb9fb44d2cca8329dd7d14b39cf13a0934aee409fa5bdd7c2e4f121
- SSDEEP
  
  96:9agsHJMYSzHl+I3tFGLafz6Dy/qCWDIH7:9DspmHlv3Lnf0yiCmIH7
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/inetc3.dll
- Size
  
  25KB
- MD5
  
  9d8ce05f532dc7b5742831ec8a63c2d8
- SHA1
  
  b014365f723c78a84bcdf8a46cfa016eb2b8dbc5
- SHA256
  
  fcc46c2e60931a76fe529a9fa5a85ba2f4bf7907d651161f92fc524ac4747982
- SHA512
  
  98f268bebf0c82d019873a7b109e1822011c0532e6a6d8ba94d2b8a918d9558f4db89100b6ee357c9c510ff56adc349e619489fd7e8d21e7f826877185ede3fe
- SSDEEP
  
  384:Aj+e6b0GUi0VV/0BiYkUm4i+Hr4Bc+AmPiMUTMF620Ac9khYLMkIX0+G2CykiDM:Aj+e6byNskUbi+Ly8xMSMj4
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/linker.dll
- Size
  
  6KB
- MD5
  
  8450b29ee8d592c208ba1aaf6ee50267
- SHA1
  
  75096da057bc85cef63bb0eec168652ea75cf618
- SHA256
  
  53aa57e582dc56421c1191a0a9efac9c36960b903b7d825f3b9682605ec2b612
- SHA512
  
  d23a3057053a1f36f5eb212ae0b09b9b0b41e50b8a6a20bbc46c12c51199ad0bca741bcce17534488158e8f2b9470dbdac2aa059688b7588a05778c40d461039
- SSDEEP
  
  48:q/XgJspkvsIWyuS3fyVLkmqbIWXGuDNcGo+FLtLFSfrPIk2vIhll:4gJsFIWjS3qVomqIixo+9tLFUr4vMl
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10

discovery
behavioral13 behavioral14