General
-
Target
08b8e82732382ac877abbf5bb2993788_JaffaCakes118
-
Size
128KB
-
Sample
240620-xadn2awcpm
-
MD5
08b8e82732382ac877abbf5bb2993788
-
SHA1
dac51157b8983cca7e0fc94dc20340f11619cc6b
-
SHA256
087e94e61c87a4e8fc6688eff3cbd2c7009cf9d7b5cdb1f4c8da4eca68b6f7a7
-
SHA512
e823d2d8094090cc7fb244f45b9d36e63fbb60cfc4c706ac84d8ed148ec53c5272d7756aa74a6bbb60b845c332867ce8fd046264af840033511569d0fb2483b8
-
SSDEEP
3072:oYz6bP3tQlnl/e8on3wOd2psHUYi/yPmoCsmN:oASPGMnNd2+0YU1
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
08b8e82732382ac877abbf5bb2993788_JaffaCakes118
-
Size
128KB
-
MD5
08b8e82732382ac877abbf5bb2993788
-
SHA1
dac51157b8983cca7e0fc94dc20340f11619cc6b
-
SHA256
087e94e61c87a4e8fc6688eff3cbd2c7009cf9d7b5cdb1f4c8da4eca68b6f7a7
-
SHA512
e823d2d8094090cc7fb244f45b9d36e63fbb60cfc4c706ac84d8ed148ec53c5272d7756aa74a6bbb60b845c332867ce8fd046264af840033511569d0fb2483b8
-
SSDEEP
3072:oYz6bP3tQlnl/e8on3wOd2psHUYi/yPmoCsmN:oASPGMnNd2+0YU1
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1