General
-
Target
0fefb64acfe9401308fbfeca1e1012d6_JaffaCakes118
-
Size
485KB
-
Sample
240625-3jq9dazhng
-
MD5
0fefb64acfe9401308fbfeca1e1012d6
-
SHA1
006d0e07d98ff7b4bcd4d547f89d845bca5fc038
-
SHA256
5f58d74a1180ba3ff03b45ed9569a50067e080218bce87bb7e58e86f75c9b470
-
SHA512
5d6f47ba96c1521db4531baaf20761c8d51a60fa7206ae3ba5f9e3f3889765a5b45c434cbe0745e412fd78b81bd41b9ae5f27c18c911479951ae8e7ba6edf191
-
SSDEEP
12288:mjkArEN249AyE/rbaMct4bO2/VB9MS8+wdiJ:xFE//Tct4bOshq+wdiJ
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
0fefb64acfe9401308fbfeca1e1012d6_JaffaCakes118
-
Size
485KB
-
MD5
0fefb64acfe9401308fbfeca1e1012d6
-
SHA1
006d0e07d98ff7b4bcd4d547f89d845bca5fc038
-
SHA256
5f58d74a1180ba3ff03b45ed9569a50067e080218bce87bb7e58e86f75c9b470
-
SHA512
5d6f47ba96c1521db4531baaf20761c8d51a60fa7206ae3ba5f9e3f3889765a5b45c434cbe0745e412fd78b81bd41b9ae5f27c18c911479951ae8e7ba6edf191
-
SSDEEP
12288:mjkArEN249AyE/rbaMct4bO2/VB9MS8+wdiJ:xFE//Tct4bOshq+wdiJ
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1