sality

Sharing

Copy URL

Twitter E-mail

General

Target

7ad39bfaf9ce17c54262523ec8c76e597f870b29226f40a10f8d4df03c308d4d_NeikiAnalytics.exe
Size

733KB
Sample

240629-hnhgtasgqe
MD5

0a1ad78b7445d452a8b9e30cc96f3e20
SHA1

0fb048733f46346a769a32a367e1d9341856899c
SHA256

7ad39bfaf9ce17c54262523ec8c76e597f870b29226f40a10f8d4df03c308d4d
SHA512

991be91a3a4eb44d31bc6f6cf638ee29aee42e8ea470b5ce546e63689f8cf874c377850239986b8f575ce947704028a6e2855c68c5726d8ccf9b7e5b974ffd08
SSDEEP

12288:baxvpA0aa6nJ6Jl3+4tdqoeBcVgaOZi85uGgGn47nX6SoJb0CbPcgIsHwrdU68qO:baQBnJgl3+42BcVtOZiDPG6KSm4CrcX8

Score

10^/10

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

- Target
  
  7ad39bfaf9ce17c54262523ec8c76e597f870b29226f40a10f8d4df03c308d4d_NeikiAnalytics.exe
- Size
  
  733KB
- MD5
  
  0a1ad78b7445d452a8b9e30cc96f3e20
- SHA1
  
  0fb048733f46346a769a32a367e1d9341856899c
- SHA256
  
  7ad39bfaf9ce17c54262523ec8c76e597f870b29226f40a10f8d4df03c308d4d
- SHA512
  
  991be91a3a4eb44d31bc6f6cf638ee29aee42e8ea470b5ce546e63689f8cf874c377850239986b8f575ce947704028a6e2855c68c5726d8ccf9b7e5b974ffd08
- SSDEEP
  
  12288:baxvpA0aa6nJ6Jl3+4tdqoeBcVgaOZi85uGgGn47nX6SoJb0CbPcgIsHwrdU68qO:baQBnJgl3+42BcVtOZiDPG6KSm4CrcX8
Score

10^/10

sality backdoor evasion trojan upx
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  d61d6c709e7947296603059f8bedeba9
- SHA1
  
  bdcfc90c358c82be43ef85727a7bdfebbd6d1b69
- SHA256
  
  65012a46603b7e13807938e2a61f3c2a60cced3fb3187dfab3e391705e2c3f63
- SHA512
  
  ed5a6efd1dd5e2119a9c523b9f9154e13552b3538bf72f4b8b02d6a9c808c3ae2ba7613d9e2b3395237461703f2da0a1482a52727ffcf6fc967552390dab0f2b
- SSDEEP
  
  384:sKlm7i+c3QW6ckPhyDEaLnL2bbBBIXwZ:5qi8BcyhEhLibbTI
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  6KB
- MD5
  
  a6978ea99297c941d02d88fa873150d9
- SHA1
  
  4e1fd5c2f7291daef4d817b12bc7bfa432a90013
- SHA256
  
  a5c5012191015659684fc19b5e8ec7d33837b25c607f0f9dbfd46c10b8baeb17
- SHA512
  
  8caf697317e6f9e83bbb0ee15a87ec56be3b08aaea9f7fb64fa65dd111bcfde5a8d25c7ef58fa1aa464ba5f9d4e365d9d8d3763cda17b4f3223418adf9a25000
- SSDEEP
  
  96:g1C0Qaep2wbE+WH1/FMXF6CGQhFzK1KQ5YnhElMmV4d:4ep2w5k/FyEt2gN
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  da802677276c27b430cfb11c9da0bed2
- SHA1
  
  6893b15fdd34fae3d35bc5b01355a5a919dd9a7b
- SHA256
  
  756861c52304402a3fc2e0fc9f3ecc8ebb546916fc2812f1df5f2e63da1c5a82
- SHA512
  
  0b212788ccca336fe228335189ec3bd0dc207c296cf3b219a88511c44735f8e1913bf745699be0f29078a47adc0442e4ff891c0877541ccbcfa1ad5e4dc1b187
- SSDEEP
  
  192:XOycJo/rJVCmIDNLU0dq5RD00lspbub76HL:B/QQ0d0RD0USq/6H
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  8313b80c993dbf27b4b50d0a718f0913
- SHA1
  
  810972ca1b6587dbaf88192874bb9441db296429
- SHA256
  
  88829c8846c7059e499a15cb5abcddfcab63b56c19510d7a4cc418a4d9d742ba
- SHA512
  
  a53eda5f749102fa4ab1e8e916ad6fcc3e5563f28632f7b771413cdc6b3ec31d2d898ab3802ab047a8d8af5ebac445194a78ec38e7d20479e0f36cf8e81bb0df
Score

3^/10
behavioral10 behavioral9
- Target
  
  Delphi.NET/BIOSData/Zeal.MemAcc.pas
- Size
  
  4KB
- MD5
  
  4162eaba541682469b139845a599b7fa
- SHA1
  
  91378edf5f7923ad300c7340da99ee89a41a8e30
- SHA256
  
  f8113b5ad57b8806d002dde2bb596e8ec663e35a4f76b4639818bc62df3f4bef
- SHA512
  
  d8f73ddeb847c57d7abdecd488498c6fa80e27f147e98f2f9f218b9953081795cdd0f86628dabab201fc9f846352f85654485c08f616deb4701537d8b4004ad2
- SSDEEP
  
  96:UTvt4nYLS2nsgrpMsSp1pd39sEzRKYPZdi1gIgQdmR+eR8xNlY/lQ0RZR90Q:Ev2nHskRL5tRZR90Q
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  Delphi.NET/Map/Zeal.MemAcc.pas
- Size
  
  4KB
- MD5
  
  4162eaba541682469b139845a599b7fa
- SHA1
  
  91378edf5f7923ad300c7340da99ee89a41a8e30
- SHA256
  
  f8113b5ad57b8806d002dde2bb596e8ec663e35a4f76b4639818bc62df3f4bef
- SHA512
  
  d8f73ddeb847c57d7abdecd488498c6fa80e27f147e98f2f9f218b9953081795cdd0f86628dabab201fc9f846352f85654485c08f616deb4701537d8b4004ad2
- SSDEEP
  
  96:UTvt4nYLS2nsgrpMsSp1pd39sEzRKYPZdi1gIgQdmR+eR8xNlY/lQ0RZR90Q:Ev2nHskRL5tRZR90Q
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  Delphi.NET/MemTest/Zeal.MemAcc.pas
- Size
  
  4KB
- MD5
  
  4162eaba541682469b139845a599b7fa
- SHA1
  
  91378edf5f7923ad300c7340da99ee89a41a8e30
- SHA256
  
  f8113b5ad57b8806d002dde2bb596e8ec663e35a4f76b4639818bc62df3f4bef
- SHA512
  
  d8f73ddeb847c57d7abdecd488498c6fa80e27f147e98f2f9f218b9953081795cdd0f86628dabab201fc9f846352f85654485c08f616deb4701537d8b4004ad2
- SSDEEP
  
  96:UTvt4nYLS2nsgrpMsSp1pd39sEzRKYPZdi1gIgQdmR+eR8xNlY/lQ0RZR90Q:Ev2nHskRL5tRZR90Q
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  Delphi.NET/PCI/Zeal.MemAcc.pas
- Size
  
  4KB
- MD5
  
  4162eaba541682469b139845a599b7fa
- SHA1
  
  91378edf5f7923ad300c7340da99ee89a41a8e30
- SHA256
  
  f8113b5ad57b8806d002dde2bb596e8ec663e35a4f76b4639818bc62df3f4bef
- SHA512
  
  d8f73ddeb847c57d7abdecd488498c6fa80e27f147e98f2f9f218b9953081795cdd0f86628dabab201fc9f846352f85654485c08f616deb4701537d8b4004ad2
- SSDEEP
  
  96:UTvt4nYLS2nsgrpMsSp1pd39sEzRKYPZdi1gIgQdmR+eR8xNlY/lQ0RZR90Q:Ev2nHskRL5tRZR90Q
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  MemAcc.bas
- Size
  
  4KB
- MD5
  
  888df58d9494d28133a32bed0021c7b9
- SHA1
  
  9d8b924f6ff6a9c4c38e4e3d40bbafe1fe4f29fb
- SHA256
  
  6174e3d3a0fd4f31b7910fcc46d271301ae51a2fb6ae84de7d538c703cf4e759
- SHA512
  
  9e4a3007515368b8c0897cd21c3332179d92d5903c276f8287bd803074637ca5f41032d73cc818eacf5860a39af345fe586551e7491b1d6fa0f917d0cb7377af
- SSDEEP
  
  96:EjrIXJp1s8fCte8nQbc4OhfizlCP19HWaNiIM6YRzuLZxSv:EMZbs8fCNnQQ4Cg73v
Score

1^/10
behavioral19 behavioral20
- Target
  
  MemAcc.chm
- Size
  
  169KB
- MD5
  
  a147cd9e5103697e3f485786b7da195a
- SHA1
  
  f686d395b3eecf513b2e1948c5f141b1f01db761
- SHA256
  
  fa5b1f5edfb01288386ac40e18dd4eecbe8c8533e4247926889a661a53aacab9
- SHA512
  
  35fd7cc413ae02a12e292b199ce0c66756c883565f0c656763a5f58000e97d3611f1c97a7aa2c59322a135c878fb6a1e7c4d575b92e9e749669b1c3351013014
- SSDEEP
  
  3072:5TKJnIOXCxKjON7JbmWve4T6XPvOsudxTR9oGQSZlEDI7jQ:5AIOXCxK2hmgheXXidhlQSZ2DYk
Score

1^/10
behavioral21 behavioral22
- Target
  
  MemAcc.pas
- Size
  
  3KB
- MD5
  
  25099c0b626e56b1497dc9d6fd574a89
- SHA1
  
  014ef98f2f6a25332925a027aa5f1c5ae3a0c647
- SHA256
  
  8f8ea098e0346865bdd3e5263feb1145439f661782b810831908d75adacc1c8e
- SHA512
  
  93fb2e97249d14817d5b788d1e235faea149b040683dde8431811543c8e56f04162c3bae1c192271a2d3f82ea59d4d16760d7ced94136f9299ef1c7f0319db21
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  MemAcc.pdf
- Size
  
  215KB
- MD5
  
  25ce1aa840894854c2ce0ed9a6bfa718
- SHA1
  
  e38ce0aacfbae37c325319d62a085327a680e2d0
- SHA256
  
  c403f8dbaf34897bb285ec891f0989f33c8ed36a4dc278996c6ac7d4a7ea7ccb
- SHA512
  
  e8177cb561259f05f30f0b4e08afeb52b7b8186610251460bd08c85b72891542c8c4c0db9f44e34957e7ee50853ce2c413d3257a0c7c3c6759f3f39af21fb9bb
- SSDEEP
  
  6144:05+mtFQUe23/ckJ+LDNBNYEUpGSDdTYhULhDHQCdLw:4+mPPe23/3IezGSDdTYhUVDH/U
Score

1^/10
behavioral25 behavioral26
- Target
  
  MemAcc.vb
- Size
  
  5KB
- MD5
  
  dada735ece043078b3baf4facb722fd9
- SHA1
  
  ce8448c86f2a0fd5da6c36275b166e1ced9d095a
- SHA256
  
  96365999210fbcb363886042246adff00df204fa272050eec715bde543ccc033
- SHA512
  
  90f44633017a281e62594feda8f86777e8d9fc0435a520c1010af9551342eb36cd32da0366ff1f3b76edde70bb175faff314a780a50bd48c8260b3cc9a2b5c24
- SSDEEP
  
  96:IzBmzitcvbhdK4O7sr0z9TnxcI4+M6G5E7VtX19jlhnxax:wtmw4YStE/lhnAx
Score

1^/10
behavioral27 behavioral28
- Target
  
  Redist/MemAcc.sys
- Size
  
  14KB
- MD5
  
  952a0d3b692314776b5e8eef1e9b5164
- SHA1
  
  c6259c0ac4fc341e3658f3e7bfb4fef6053d3c00
- SHA256
  
  a302435582ebe312c38dd309ae7e4cd445c447c7fae5d0d2c826c193fe3bf86f
- SHA512
  
  a1ade2c8902e5c9d1e3f72b5b46e61d655da836b5ecd974728350ea1e53d557efd29982b67bff24c158feaeae2e97b083ff7a8721da2540e34cee0d4f516b61b
- SSDEEP
  
  384:201FdpOU9e7Vl/S9aXcRedU67pezCGXTAOkucMl7SwMcEnKrVtQS0vdetz:JFdpOU9e7Vl/S9aXcRedU67pezClOkuz
Score

1^/10
behavioral29 behavioral30
- Target
  
  VB.NET/BIOSData/MemAcc.vb
- Size
  
  5KB
- MD5
  
  dada735ece043078b3baf4facb722fd9
- SHA1
  
  ce8448c86f2a0fd5da6c36275b166e1ced9d095a
- SHA256
  
  96365999210fbcb363886042246adff00df204fa272050eec715bde543ccc033
- SHA512
  
  90f44633017a281e62594feda8f86777e8d9fc0435a520c1010af9551342eb36cd32da0366ff1f3b76edde70bb175faff314a780a50bd48c8260b3cc9a2b5c24
- SSDEEP
  
  96:IzBmzitcvbhdK4O7sr0z9TnxcI4+M6G5E7VtX19jlhnxax:wtmw4YStE/lhnAx
Score

1^/10
behavioral31 behavioral32