General
-
Target
0022a60fc97aeacb977d07bbd23bfea3_JaffaCakes118
-
Size
200KB
-
Sample
240619-x4xzrsseln
-
MD5
0022a60fc97aeacb977d07bbd23bfea3
-
SHA1
7de86f34d2ca81c4bab62b1734c3fd16703d049d
-
SHA256
b403d666c52a313b1edff8d4b7f55da774c7069dcb4f622526fd8ced713c5e59
-
SHA512
7fc9dd4b7d2eda93a2ae5d0bf4a7a0a1dc9c73f29f1392f87d0566e5c5578510e70124dd9463d0814374ea980a23b329aef5c7e1fc3f31c1ba001be661d0d71f
-
SSDEEP
3072:i9Pb3B2WXq85Xi+KxtAEyerA9XNh4K2DG+QCiYUMvvZAgBpJSb79V3Sz8LlYcLcY:i9Pb5a2i+vj5GxIUxi
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
0022a60fc97aeacb977d07bbd23bfea3_JaffaCakes118
-
Size
200KB
-
MD5
0022a60fc97aeacb977d07bbd23bfea3
-
SHA1
7de86f34d2ca81c4bab62b1734c3fd16703d049d
-
SHA256
b403d666c52a313b1edff8d4b7f55da774c7069dcb4f622526fd8ced713c5e59
-
SHA512
7fc9dd4b7d2eda93a2ae5d0bf4a7a0a1dc9c73f29f1392f87d0566e5c5578510e70124dd9463d0814374ea980a23b329aef5c7e1fc3f31c1ba001be661d0d71f
-
SSDEEP
3072:i9Pb3B2WXq85Xi+KxtAEyerA9XNh4K2DG+QCiYUMvvZAgBpJSb79V3Sz8LlYcLcY:i9Pb5a2i+vj5GxIUxi
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1