General

  • Target

    11b1dd5697654fb7dc2d983d1a4c08fb_JaffaCakes118

  • Size

    3.3MB

  • Sample

    240504-jdlxxsac54

  • MD5

    11b1dd5697654fb7dc2d983d1a4c08fb

  • SHA1

    1dc3168aadac5b264c7ea3d19c7e88b97920e408

  • SHA256

    4c10f8eecb31a238a20178cdc2b64af409c1a7b309f4afe6dce784118619f469

  • SHA512

    966335ae01b3985474856fb1b057d0565feae682359d5b2a85f11eb2d815535509448091a4212932296ac17416a6f2dac6ea141b9a03fa58f29998a3a7cf4af5

  • SSDEEP

    98304:YY8AK12/wb+84NoGyYfwQ8H2QHU02zwRdDJXQkZ1fj7AUrz:Y4EC84aGhfwQ8H2Q920ZV7Aa

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      数码资源网.url

    • Size

      244B

    • MD5

      305983ae6219bf10d517e168b3ebe5ea

    • SHA1

      b30177e0d7aa2c46843fa9c728c8a9319f34c6a1

    • SHA256

      a4a66ca6e527f6b5a344ec48235b21666f44d19f710ea5d75332e6a4263d027f

    • SHA512

      def75af02cb32b05d19cea6ac978941f93b659fc23a3d8ea29f60874c6875a08274403c125452bd14fc2e878e193eecca70b83f19c22881e3f9a8ab4f6afcb28

    • Score

      1/10

    • Target

      辅助程序/功能程序/csrss.exe

    • Size

      3.7MB

    • MD5

      3df27a48a0a4d57b083a19d6e091355b

    • SHA1

      622bb18e094da566242ed68954d078b9f895559c

    • SHA256

      984540a91535e589856761e81215cf5635f5a236cc21bc73ea275924ee829231

    • SHA512

      4aa5270dde9054e058b99f6bed35c6e2aeaaf4c0610bd79985739c7173175399d10c9957892dc4b7225643eedf2e27a3a2a6db51ba4fcd11a1b3d264630c147b

    • SSDEEP

      98304:2VGeA6qMsw6x2TCjlsaNn5g8e3FEcRU/yGL:2kMr6xCc/N+8e3F/C/yQ

    • Score

      1/10

    • Target

      辅助程序/过游戏保护/csrss.exe

    • Size

      1.2MB

    • MD5

      94dcf3d9a7cf1b9fa079d0e6f4f2ba5a

    • SHA1

      72f801de257841558356aae3710ec1e0c606fc8b

    • SHA256

      b23e7005b48679fa121cb99ccec15aa5e259c1b91c08a99490ccdb961e330b44

    • SHA512

      3bbd4086b97866b9f79d31b1f416bf188bb51bef88f87cb252fc91099ff51703c6eb65f1e40ff866157e306dc52274bba10bf703e1dde320a03705802b13a31c

    • SSDEEP

      12288:bcNMq4xG3b0RK5bzMjidw7JU6eUOMwFdVfZobi2a89ujY68aapv:bcD4s3wRQYj6gJU6pOMwFHmi9bOaov

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks
