sality

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_ae2e1cbf8477077d682a9e7882e80023
Size

442KB
Sample

250206-w4ac2avkfp
MD5

ae2e1cbf8477077d682a9e7882e80023
SHA1

68a8704904c4f7cd66f516f3b21a484ea689fe23
SHA256

4fa40060e1698c4f15b1fc6cacabe31e0de49e0092f4368be58d22e5d7c496c9
SHA512

6f51abc0c59c92c3af41c4ee151290a84a783deced7e5934bd6586a05aa54b673e1d69ea1eb88297d151dfb4a241b6976a421e3fc2fa23ad10da028eb49e6e63
SSDEEP

12288:UdTTlUxZuKpf5oIzrUXZCGs/5eBXv8J1Q0TGvqSRnQ:UdTTlGuK0IkXEGsh2f8J1Q0TGS0nQ

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  JaffaCakes118_ae2e1cbf8477077d682a9e7882e80023
- Size
  
  442KB
- MD5
  
  ae2e1cbf8477077d682a9e7882e80023
- SHA1
  
  68a8704904c4f7cd66f516f3b21a484ea689fe23
- SHA256
  
  4fa40060e1698c4f15b1fc6cacabe31e0de49e0092f4368be58d22e5d7c496c9
- SHA512
  
  6f51abc0c59c92c3af41c4ee151290a84a783deced7e5934bd6586a05aa54b673e1d69ea1eb88297d151dfb4a241b6976a421e3fc2fa23ad10da028eb49e6e63
- SSDEEP
  
  12288:UdTTlUxZuKpf5oIzrUXZCGs/5eBXv8J1Q0TGvqSRnQ:UdTTlGuK0IkXEGsh2f8J1Q0TGS0nQ
Score

10^/10

discovery sality backdoor defense_evasion persistence privilege_escalation trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Disables RegEdit via registry modification
  defense_evasion
- Disables Task Manager via registry modification
  defense_evasion
- Modifies Windows Firewall
  defense_evasion
- Windows security modification
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  9aff00ec14e6cb71a13451011c580077
- SHA1
  
  5972140e4a0addb9eac685fe6037da7479f23ecf
- SHA256
  
  cc8145683ad8fd77bd5cca193e84188e40d6d03a0a0d1d00e2bdbef91be96bb3
- SHA512
  
  311abd4e9927c1424d794ba401f3935ad3b108a2124e58e0d29aa946514c7a1d62b9b08b013699f4f90796bdfb6c07211daddbb521c1d20ccee771f6ea43b110
- SSDEEP
  
  192:zCCxNg+SdnWKZFzReF6KOgEpoAlwYmjspWnlAb2bG7F1QuIp:+Cxazn5aF4N2AWpZy2Ru
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  UKHook40.dll
- Size
  
  184KB
- MD5
  
  263f34abe52cc36f112db4ad2fc53a05
- SHA1
  
  83b084a6c23cef12b2a3e1d563bdc76b31a2241c
- SHA256
  
  11326ab1d4a6db6cdaae23c16ee5543d8957afeb475ba6fabb207043915b4681
- SHA512
  
  774d3a4b468de64b4d80fe1310df92e05c54b1e01c1594d5eb6190a4b4f1ceb3b082fe85da0b3f4ddf964664c5c988248a083d6f893365754f77cb3969a41439
- SSDEEP
  
  3072:K1D43Cp0jUhZWVQJwXoBoGzv2KzoU1DwUkjpPlIo2SF:AUV5oBT7BoU1DQ
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  UniKey.exe
- Size
  
  204KB
- MD5
  
  3246d74d15fcf3d3da7bb58fad497321
- SHA1
  
  72d5fe36502611cc1f37625a58540122bc4d3401
- SHA256
  
  43db554d9f75bbf012035232ca21869c02a98fcee8c1564c5afbda496e9c0ba5
- SHA512
  
  5f2130075369b540762f9708904dbb148dec323a35697aead504852e5248919f88c7de06008e1ed11667cb262b929c71b6d4a28792b2cdb93e4378fbe1521536
- SSDEEP
  
  3072:sbpNtQGgGSTgC3O3pKicj2+cilWma71dTOo0hwV8tAvC1q:sPtQGgGSV3RiIJa71xO3SaA
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  ukfaq.htm
- Size
  
  24KB
- MD5
  
  796699abf7e3066aee796dc40e4d4b85
- SHA1
  
  06a40c69b48d23d5c192d07e7596af935b269328
- SHA256
  
  034481703a0b664a7f86660a67e54e7cc755cd90d57cfa4f4b8b3b7622ff126f
- SHA512
  
  e120d2edafb91a1848ff0521a53f2bbbcb99900998dd1ae67dd5d214c065c3bec82c068c1e7c97c8f6f2d52cd02b7b5d05941bf630ceeff422806b1186c3b984
- SSDEEP
  
  384:g10z1xhd2lVTgEuNSzLE9GgzFu1EmMJpIokAuJmpJlYeJwa4eNzzxkGtQwRZ6O4b:K8hcVTgEusnJKmr+u0H/bnR4b
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  ukmanual.htm
- Size
  
  55KB
- MD5
  
  b9f20348346972a5d2e113486bfbf414
- SHA1
  
  7299cadb4d9867ff85e0d8e1546d806da1e94872
- SHA256
  
  d9bb0d8692420454d0c3c33fd7a8e424a897f79c401b2445f46ed7e14b5c82b5
- SHA512
  
  3c9b32b6cb265edb90015ee51bd273d549ac1fe35392897746da016236c2acaac614b4bec9be0e1bbb29e9fa2618b613b27f9731e71e50d81d08dfa1a03258d5
- SSDEEP
  
  768:d39Lj+Ctu5LvK2hDjmSdjhxNaTzf9H+vyDzzJUWxkYlWjDQMqDnMxTv:d9DtqLHXtYH+mDlqD6Iz
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  uninst.exe
- Size
  
  115KB
- MD5
  
  193069df52ef63227279954dc84fa950
- SHA1
  
  f58b2dad8a53851441f12713db6bbaaf9bc30a5f
- SHA256
  
  5d361ff49eee93d54b0fbef78fc7caf5f84e76be8e253ab6795a347a05cf2f01
- SHA512
  
  2a468df39d6c18f8c1edfbf631293659d578412e9915fcda8b3dbd8a4ccda09ed06ebc570245c0dd7f17617e98c67e5b2c49b8234127349f8181fef60430b924
- SSDEEP
  
  3072:ODRXTx4jCI8JzAI0hq19dKg5DnLpI2YKE2t/0ZXS:Ueh9mKg5TlU2iZXS
Score

10^/10

discovery sality backdoor defense_evasion persistence privilege_escalation trojan upx
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Disables RegEdit via registry modification
  defense_evasion
- Disables Task Manager via registry modification
  defense_evasion
- Modifies Windows Firewall
  defense_evasion
- Windows security modification
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14