General

  • Target

    0ddce57fc7ae9be6f9b74c9fd06c0258_JaffaCakes118

  • Size

    143KB

  • Sample

    240625-nc372awfkb

  • MD5

    0ddce57fc7ae9be6f9b74c9fd06c0258

  • SHA1

    ab68a976a87d77fd759e35b4903f1c7bf0ea7521

  • SHA256

    aae63244c132711304d1a8c3274e986d18f9961c43d4dfc654458855eca68f2d

  • SHA512

    d933947f6b70da268e5d26978e42a3af8aa0c03c8cd2a801ba6233d6e4c05c2bab417ab35500709af79f468e7498c96729fb1b077a741f6bd762f3e4707b3598

  • SSDEEP

    3072:uYNQKPWDyaRefVJltZrpRl1P3KzGP4N0NcJl5zwTJqK+hl:3NSDyaRO1thpaOIGwK+hl

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      0ddce57fc7ae9be6f9b74c9fd06c0258_JaffaCakes118

    • Size

      143KB

    • MD5

      0ddce57fc7ae9be6f9b74c9fd06c0258

    • SHA1

      ab68a976a87d77fd759e35b4903f1c7bf0ea7521

    • SHA256

      aae63244c132711304d1a8c3274e986d18f9961c43d4dfc654458855eca68f2d

    • SHA512

      d933947f6b70da268e5d26978e42a3af8aa0c03c8cd2a801ba6233d6e4c05c2bab417ab35500709af79f468e7498c96729fb1b077a741f6bd762f3e4707b3598

    • SSDEEP

      3072:uYNQKPWDyaRefVJltZrpRl1P3KzGP4N0NcJl5zwTJqK+hl:3NSDyaRO1thpaOIGwK+hl

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks