General
-
Target
69068d9101cefe5a72b06750906b142e_JaffaCakes118
-
Size
898KB
-
Sample
240522-3n66dsde69
-
MD5
69068d9101cefe5a72b06750906b142e
-
SHA1
2e57d616804253d1ec513193d629b0462cc40740
-
SHA256
dc71e4e40a6973e3185d7a5d5868b1aab357b3e80727d89a142106f328decb54
-
SHA512
4175a39d6014254d3ab3ac8cb7ac78e8523eaaee588a5e6c550ff0eefbe53ae626386a82784e83f0b125640305d6ca0180c078ef6bac2bb4b5f2d02ee50f812a
-
SSDEEP
24576:kniUoP2i4RO2lXPodb2lknS1VcKWob1uxjpZz:kn3U2iWbwb2lkS1aXopuxFh
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
小笨鸟万能论坛自动顶帖机软件 1.3破解版/小笨鸟万能论坛自动顶帖机软件1.3.exe
-
Size
2.4MB
-
MD5
bea30d48453f1e355a9696450bf5ff9f
-
SHA1
c535c02da7e6a4ea234da574c9d2a89ccdd72539
-
SHA256
54472feb835d6cfc4dfe0f661f904e60185984fb7711c8decef8cb9bd2bde1ae
-
SHA512
e4bfdb440a6a9a962d290ccaab52c8b9083cc7d10097d4e879010c0d0bae7e6fa4968f98f9d3542cdbc3ad6f507b75ad0d94d9150770b8f6cac5c33a4da2da62
-
SSDEEP
24576:0w34ZhrtzT3gkd3o8SxkSkI4z9OIu4d1KCH/CbtmmxUGUuH3GvNcW:0bhzDgkzu/2ruyJHanxUGUuXIX
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
-
-
Target
小笨鸟万能论坛自动顶帖机软件 1.3破解版/更多软件下载.url
-
Size
204B
-
MD5
94e540428ac8f3545fec78c2b3dd8c0e
-
SHA1
cd46c366b68af03fc8fa4fa097f9815d43e4c2e8
-
SHA256
357214eb50712a5c8663ef263c458cb4ebbbc27e64d73ab5e32c82f60a7b80c8
-
SHA512
3c7876c3a18e1ba98329392ac1b940c479552b361386ce3776622ae557e4d3d8cee045d162a614a302a603cb4615024258703e0652f41541e043fcf7ecdff539
Score1/10 -
-
-
Target
小笨鸟万能论坛自动顶帖机软件 1.3破解版/飘荡软件.url
-
Size
328B
-
MD5
e97aad722245bfc4a60be0e6f453be6f
-
SHA1
c7b7c9585109f71526ed65616668ef7573841d9a
-
SHA256
3f6b8de5ca595a2e7371396fcb22b303e0f664733aabc940657c33324d5f269a
-
SHA512
f151b723079fc09ac4b44c540b278b8c273f3958d5b661a6b30e31b119dca6d017ab0f987c52c60cc46e917ef9626e943971017d8e1dfe11c4cf27b93a2c772a
Score1/10 -
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Pre-OS Boot
1Bootkit
1