General

  • Target

    0dc2297a95541712a366874006cd4169_JaffaCakes118

  • Size

    172KB

  • Sample

    240625-mpaktaxfrq

  • MD5

    0dc2297a95541712a366874006cd4169

  • SHA1

    dffaf7c64163b33dcef213eb018e41e57c1eba0e

  • SHA256

    e62b9dbe692daccb617504ced6c110ba5babd6cf3c3283ef240d8f2c8d18a94d

  • SHA512

    defd40a2893523703a0bbbc080692243ec80f9f3240801b674913c26578474a5b0aa5e6e4ddb4525959a71f2a9235991609fc28417ff106dd971be2f71c68411

  • SSDEEP

    3072:0TJCD548iJ/SDADeak7dJHB/AdGu8hnDxNzhr/4tt3oQypSV5wDficx8:0MGSsQLH5AdxoDnly3oQ21D6cx8

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      0dc2297a95541712a366874006cd4169_JaffaCakes118

    • Size

      172KB

    • MD5

      0dc2297a95541712a366874006cd4169

    • SHA1

      dffaf7c64163b33dcef213eb018e41e57c1eba0e

    • SHA256

      e62b9dbe692daccb617504ced6c110ba5babd6cf3c3283ef240d8f2c8d18a94d

    • SHA512

      defd40a2893523703a0bbbc080692243ec80f9f3240801b674913c26578474a5b0aa5e6e4ddb4525959a71f2a9235991609fc28417ff106dd971be2f71c68411

    • SSDEEP

      3072:0TJCD548iJ/SDADeak7dJHB/AdGu8hnDxNzhr/4tt3oQypSV5wDficx8:0MGSsQLH5AdxoDnly3oQ21D6cx8

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks