General
-
Target
015a4500757a41e223c70f19a3c9291a_JaffaCakes118
-
Size
113KB
-
Sample
240620-af42vayaqb
-
MD5
015a4500757a41e223c70f19a3c9291a
-
SHA1
d9f56431ba034fa5f48d942eede6689d5e0d9c5d
-
SHA256
41a3663c26d5f147d16a2c12f3155d49e2d12b384e5c6bc39ca09b9f9c37f759
-
SHA512
43757c2c807269a335bdac5e8314a29ad2c8f51eabd81169036b820784946dca7638e7258b80bdf68065028f70cd5f0c208fcc47cd0e6c7e793b6eb2e2fe4571
-
SSDEEP
3072:VSaKQJB/7UcatkTSVME2EzYjMPedHehOA:VqDkT4RkjMrR
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
015a4500757a41e223c70f19a3c9291a_JaffaCakes118
-
Size
113KB
-
MD5
015a4500757a41e223c70f19a3c9291a
-
SHA1
d9f56431ba034fa5f48d942eede6689d5e0d9c5d
-
SHA256
41a3663c26d5f147d16a2c12f3155d49e2d12b384e5c6bc39ca09b9f9c37f759
-
SHA512
43757c2c807269a335bdac5e8314a29ad2c8f51eabd81169036b820784946dca7638e7258b80bdf68065028f70cd5f0c208fcc47cd0e6c7e793b6eb2e2fe4571
-
SSDEEP
3072:VSaKQJB/7UcatkTSVME2EzYjMPedHehOA:VqDkT4RkjMrR
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1