General
Target: 5c8de46ab5674f061b88a1462d790bc0_JaffaCakes118
Size: 6.4MB
Sample: 240520-b6zqgsdh87
MD5: 5c8de46ab5674f061b88a1462d790bc0
SHA1: 0556a9dbe67f0f1dfd2c8237ca61459037ef5f14
SHA256: e2f1be4902846deefee7eb4f0ab5c680dfb3d67ccb1e27bdeb0ff54c3fa93c81
SHA512: ca09d4945c4d89dd4b2899b9b28881ac7de19758bc136ccd3f10a101476a767929d7cae9290be12186c76929fdc468e38d1fead366948ec056a646bdf50fecb7
SSDEEP: 196608:5eb+B5lI87vf86VJLlcxK88qXSkcQhGepiVN:5N5/0888qXFcoAN
Static task
static1
Behavioral tasks
- behavioral1: ELTIMASerialSplitter/ssplitinst.exe (resource win7-20240508-en)
- behavioral2: ELTIMASerialSplitter/ssplitinst.exe (resource win10v2004-20240508-en)
- behavioral3: ELTIMASerialSplitter/下载说明.htm ("Download instructions.htm"; resource win7-20240221-en)
- behavioral4: ELTIMASerialSplitter/下载说明.htm ("Download instructions.htm"; resource win10v2004-20240508-en)
- behavioral5: ELTIMASerialSplitter/使用帮助(河东软件园).url ("Usage help (Hedong Software Park).url"; resource win7-20240508-en)
- behavioral6: ELTIMASerialSplitter/使用帮助(河东软件园).url ("Usage help (Hedong Software Park).url"; resource win10v2004-20240426-en)
Malware Config (extracted)
Family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
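The extracted URL list is the part of this report a SOC can act on immediately. The following script is an added example (not part of the sandbox report or of any tool it was produced by): it splits the listed URLs into IP, domain and path indicators, emits one Suricata `dns.query` rule per domain, and matches the indicators against proxy log lines. The log lines are constructed for illustration; the rule SIDs and message text are arbitrary choices.

```python
"""Turn the extracted Sality URL list into IOCs and match them against logs.

Added example, not part of the sandbox report. The URL list is copied from
the report's Malware Config section; the proxy log lines are constructed.
"""
import ipaddress
import re
from urllib.parse import urlparse

# URLs exactly as listed under "Malware Config" in the report.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]


def extract_iocs(urls):
    """Split URLs into sorted lists (ips, domains, paths).

    Hosts that parse as IP addresses go to `ips`, everything else to
    `domains`. A bare "/" path is dropped because it carries no signal.
    """
    ips, domains, paths = set(), set(), set()
    for url in urls:
        parsed = urlparse(url)
        host = parsed.hostname
        if host is None:
            continue
        try:
            ipaddress.ip_address(host)
            ips.add(host)
        except ValueError:
            domains.add(host.lower())
        if parsed.path and parsed.path != "/":
            paths.add(parsed.path)
    return sorted(ips), sorted(domains), sorted(paths)


def suricata_rules(domains, sid_base=9000000):
    """One DNS-query alert rule per domain; sid_base is an arbitrary local range."""
    rules = []
    for i, d in enumerate(domains):
        rules.append(
            'alert dns any any -> any any (msg:"Sality C2 lookup %s"; '
            'dns.query; content:"%s"; nocase; sid:%d; rev:1;)' % (d, d, sid_base + i)
        )
    return rules


# Host part of the first http(s) URL on a log line (constructed log format).
HOST_RE = re.compile(r"https?://([^/\s:]+)")


def host_matches(host, ips, domains):
    """Exact match for IPs; exact or subdomain match for domains."""
    if host in ips:
        return True
    return any(host == d or host.endswith("." + d) for d in domains)


def match_log(lines, ips, domains):
    """Return (line_no, host) for log lines whose URL host is an indicator.

    Whole-label comparison avoids the substring trap where
    kukutrustnet777.info would otherwise hit kukutrustnet777888.info.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        m = HOST_RE.search(line)
        if m:
            host = m.group(1).lower()
            if host_matches(host, ips, domains):
                hits.append((n, host))
    return hits


# Constructed proxy log lines; not taken from the report.
SAMPLE_PROXY_LOG = [
    "2024-05-20T10:01:02Z 10.0.0.15 GET http://kukutrustnet777.info/home.gif 200",
    "2024-05-20T10:01:03Z 10.0.0.15 GET http://www.example.com/index.html 200",
    "2024-05-20T10:01:04Z 10.0.0.15 GET http://89.119.67.154/testo5/ 404",
    "2024-05-20T10:01:05Z 10.0.0.15 GET http://kukutrustnet777888.info.example.net/ 200",
]

if __name__ == "__main__":
    ips, domains, paths = extract_iocs(SALITY_URLS)
    for rule in suricata_rules(domains):
        print(rule)
    for line_no, host in match_log(SAMPLE_PROXY_LOG, ips, domains):
        print("hit on line %d: %s" % (line_no, host))
```

The fourth constructed line deliberately embeds an indicator as a prefix of an unrelated host and is not reported, which is the behaviour you want before feeding such a list into a blocking control.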
Targets
The submitted sample is a container whose members are listed below; the member hashes differ from the General section above, so match extracted files, not the container, against these values.

Target: ELTIMASerialSplitter/ssplitinst.exe
Size: 6.4MB
MD5: 21f124a12e8ea4e537ac519792be7eb0
SHA1: 6522ddb1872be1e63eb1b97a65a4d556720c0922
SHA256: 7c8aae4560527acaecdc848949f639c9ce086e335659839e84d48abb9bb6dac6
SHA512: 857e3a0a12b2dab0900a2a48b5ab53b76c4c8237f682f6837cd71a9991e0a4261812bc76f69d21b655cc0a311eacdd2a2466aec57f21ec4a5a92c52feda0636f
SSDEEP: 98304:AqYz9oGhVYAGKmL2LxJl8soC0OAax9M6oZFVIL5qIL/lL2Z4+AVW1DXEDQfB:AqYzthVcgfasoC0ix/oZFs/NQ4pMlXzB
Signatures:
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
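"Modifies firewall policy service" is the signature most worth having a host-side detection for, because it is what lets the sample reach the URLs above unhindered. The script below is an added example, not part of the report or of the sandbox that produced it. It assumes the signature corresponds to registry writes under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy (the tree the Windows Firewall service reads) and to disabling the SharedAccess, MpsSvc or wscsvc services via their Start value; those key paths and the Sysmon Event ID 13 records it scans are assumptions and constructed data, not details taken from this page.

```python
"""Flag Sysmon registry value-set events that weaken the Windows Firewall.

Added example, not part of the sandbox report. Assumptions: the report's
"Modifies firewall policy service" signature maps to writes under
Services\\SharedAccess\\Parameters\\FirewallPolicy or to the Start value of
the firewall-related services below. Events are dicts shaped like Sysmon
Event ID 13 (RegistryEvent: value set) fields and are constructed here.
"""
import re

# Per-profile values whose listed setting turns the firewall off or silences
# it (assumed watch-list for the example).
SUSPICIOUS_DWORDS = {
    "EnableFirewall": 0,
    "DisableNotifications": 1,
}

FIREWALL_POLICY_RE = re.compile(
    r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\"
    r"(?P<profile>\w+Profile)\\(?P<value>\w+)$",
    re.IGNORECASE,
)

# Services an attacker disables to neutralise the firewall and Security
# Center (assumed list). SERVICE_DISABLED is the Start value meaning
# "disabled".
SERVICE_START_RE = re.compile(
    r"\\Services\\(?P<svc>SharedAccess|MpsSvc|wscsvc)\\Start$", re.IGNORECASE
)
SERVICE_DISABLED = 4


def dword(details):
    """Parse the integer out of a Sysmon Details string such as 'DWORD (0x00000000)'."""
    m = re.search(r"0x([0-9A-Fa-f]{1,8})", details or "")
    return int(m.group(1), 16) if m else None


def classify(event):
    """Return a reason string if the event is suspicious, else None."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    value = dword(event.get("Details"))
    image = event.get("Image", "?")

    m = FIREWALL_POLICY_RE.search(target)
    if m:
        wanted = SUSPICIOUS_DWORDS.get(m.group("value"))
        if wanted is not None and value == wanted:
            return "firewall policy %s\\%s set to %d by %s" % (
                m.group("profile"), m.group("value"), value, image)
        return None

    m = SERVICE_START_RE.search(target)
    if m and value == SERVICE_DISABLED:
        return "service %s disabled (Start=4) by %s" % (m.group("svc"), image)
    return None


def scan(events):
    """All suspicious reasons, in event order."""
    return [r for r in (classify(e) for e in events) if r]


# Constructed events: two malicious writes by the dropper, one benign write
# by svchost.exe that re-enables the firewall, and one unrelated event.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": "C:\\Users\\victim\\Desktop\\ssplitinst.exe",
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\SharedAccess"
                     "\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": "C:\\Users\\victim\\Desktop\\ssplitinst.exe",
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\SharedAccess\\Start",
     "Details": "DWORD (0x00000004)"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\SharedAccess"
                     "\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 12, "Image": "C:\\Users\\victim\\Desktop\\ssplitinst.exe",
     "TargetObject": "HKLM\\Software\\Example", "Details": ""},
]

if __name__ == "__main__":
    for reason in scan(SAMPLE_EVENTS):
        print(reason)
```

Matching on the value being written (EnableFirewall = 0, Start = 4) rather than on any touch of the key keeps legitimate policy refreshes by svchost.exe out of the alert stream; tune the image allow-list to your estate before deploying.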
Target: ELTIMASerialSplitter/下载说明.htm ("Download instructions.htm")
Size: 3KB
MD5: 9bd1ac9ead8eda95e8284f12ddba89e2
SHA1: 44ad2b426711da0bc122d500b9117808385bd406
SHA256: 54198ae94a082537ca82686954de11084ebb050917b65871fe1639c2c1a308b8
SHA512: e94611639a7396705f684055fa762db261bbaffb2d7b459b1fddbd44d25358b3bb3111ae84a8bc444388f26908193fbfa79c232570f52a38f1c49fb57b322850
Score: 1/10
Target: ELTIMASerialSplitter/使用帮助(河东软件园).url ("Usage help (Hedong Software Park).url")
Size: 216B
MD5: 6a29fdd9a578559f631bd0c0919539f2
SHA1: 7ba1e243d907b6893f798dbd6169ee057e4845e9
SHA256: 6592450b9c9233d6d1a751020b3514bd20512d1224983c774e633ab2dee7b2c9
SHA512: 6eee5fe42d1105523e0555ba90f6a98237293983238a80342a62bb7dc1cb1a5b00081a447ae3a0d36f67ace197f288315f816f6da9ea27457753efb625793cc1
Score: 1/10
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Modify Registry (6)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)