General

  • Target

    0e203b44a2c5c64eb52a71e078aeabd2_JaffaCakes118

  • Size

    560KB

  • Sample

    240625-py6qqatdlj

  • MD5

    0e203b44a2c5c64eb52a71e078aeabd2

  • SHA1

    018ffd44cf8eb8051107fbfd7e8d4ec43e01c2ca

  • SHA256

    5045fd8f1d16a64c86ec1afc9d7e5657c976058edf71012c00dc4b686ff12a84

  • SHA512

    c16a08810e1c8b3933633d5350d8501c5793634c5140e1ed25a39843999fbfc304978a4e28c12ed4f52e826f55b29fa1aafdeffb0e88fde99698eb7f25f11b72

  • SSDEEP

    12288:xCohgvf3psV6FrpjVSxALPKjApgJGzR93ge+k51Fsv:MGsZjjs6LPBSJGzR+e5I

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
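The hashes and C2 URLs above are the indicators a responder actually uses. The following script, added here as an example and not part of the sandbox report, copies those values into a small triage tool: it recomputes the four digests the report lists for a candidate file, and it scans proxy log lines for requests to the C2 hosts. The Squid-style access-log lines and their layout are constructed for the example; only the hashes and URLs come from the report.

```python
"""Match a sample and proxy log lines against the indicators in this report.

Example code added to this page, not part of the sandbox report itself.
The hashes and C2 URLs are copied from the report; the log lines and the
access-log layout are constructed for the example.
"""
import hashlib
import re
from urllib.parse import urlparse

# Hashes reported for the sample (copied from the report above).
REPORT_HASHES = {
    "md5": "0e203b44a2c5c64eb52a71e078aeabd2",
    "sha1": "018ffd44cf8eb8051107fbfd7e8d4ec43e01c2ca",
    "sha256": "5045fd8f1d16a64c86ec1afc9d7e5657c976058edf71012c00dc4b686ff12a84",
    "sha512": "c16a08810e1c8b3933633d5350d8501c5793634c5140e1ed25a39843999fbfc3"
              "04978a4e28c12ed4f52e826f55b29fa1aafdeffb0e88fde99698eb7f25f11b72",
}

# C2 URLs from the extracted Sality config (copied from the report above).
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def check_sample(data: bytes) -> dict:
    """Compare a file's digests with the reported ones, per algorithm."""
    digests = hash_bytes(data)
    return {algo: digests[algo] == expected for algo, expected in REPORT_HASHES.items()}


def c2_hosts() -> set:
    """Hostnames (and the bare IP) the config contacts, lowercased."""
    return {urlparse(u).hostname.lower() for u in C2_URLS}


# Constructed Squid-style access log lines (not from the report):
# "<epoch> <elapsed> <client> <code>/<status> <bytes> <method> <url> ..."
SAMPLE_LOG = """\
1719300001.101 12 10.0.0.5 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/198.51.100.1 text/html
1719300002.202 31 10.0.0.7 TCP_MISS/200 328 GET http://KukuTrustNet888.info/home.gif - HIER_DIRECT/203.0.113.9 image/gif
1719300003.303 40 10.0.0.7 TCP_MISS/404 412 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
1719300004.404 9 10.0.0.9 TCP_HIT/200 1024 GET http://kukutrustnet777.info.example.net/home.gif - NONE/- image/gif
"""

URL_RE = re.compile(r"https?://\S+")


def scan_proxy_log(text: str) -> list:
    """Return (line_number, client_ip, url) for requests to a C2 host.

    Matching is on the exact hostname, so a lookalike such as
    kukutrustnet777.info.example.net does not match, while a host
    written in mixed case still does.
    """
    hosts = c2_hosts()
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = URL_RE.search(line)
        if not m:
            continue
        host = urlparse(m.group(0)).hostname
        if host and host.lower() in hosts:
            client_ip = line.split()[2]
            hits.append((lineno, client_ip, m.group(0)))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print("C2 contact:", hit)
    print(check_sample(b"not the sample"))
```

Matching on the parsed hostname rather than substring-searching the log avoids false positives on lookalike domains and false negatives on mixed-case hostnames; for the IP-based C2 every path under 89.119.67.154 is flagged, since the report gives one path but the host itself is the indicator worth blocking.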

Targets

    • Target

      0e203b44a2c5c64eb52a71e078aeabd2_JaffaCakes118

    • Size

      560KB

    • MD5

      0e203b44a2c5c64eb52a71e078aeabd2

    • SHA1

      018ffd44cf8eb8051107fbfd7e8d4ec43e01c2ca

    • SHA256

      5045fd8f1d16a64c86ec1afc9d7e5657c976058edf71012c00dc4b686ff12a84

    • SHA512

      c16a08810e1c8b3933633d5350d8501c5793634c5140e1ed25a39843999fbfc304978a4e28c12ed4f52e826f55b29fa1aafdeffb0e88fde99698eb7f25f11b72

    • SSDEEP

      12288:xCohgvf3psV6FrpjVSxALPKjApgJGzR93ge+k51Fsv:MGsZjjs6LPBSJGzR+e5I

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Windows security modification

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext
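The signatures above name behaviours without saying which settings were touched. The script below, added here as an example and not part of the report, turns three of them into host checks on a `reg export` snapshot: UAC state, the firewall policy profiles, and the SharedAccess service that hosts that policy. The mapping of the signatures "Checks whether UAC is enabled", "Modifies firewall policy service" and "Windows security modification" to these registry values is an assumption (they are the standard locations for those settings, but the report does not list them), and the .reg text is constructed to show a weakened host, not taken from the sample's run.

```python
"""Turn the sandbox's behaviour signatures into host checks on a registry export.

Example code added to this page, not part of the report. The report names
the signatures only; the registry paths below are the standard locations
of these settings, and mapping the signatures to them is an assumption.
The .reg text is constructed for the example.
"""
import re

HIVE = "HKEY_LOCAL_MACHINE"
# Assumed mapping of the report's signatures to registry locations.
UAC_KEY = HIVE + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
FW_POLICY = HIVE + r"\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
FW_SERVICE = HIVE + r"\SYSTEM\CurrentControlSet\Services\SharedAccess"

# Constructed `reg export` style output for a weakened host (not real data).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000004
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(dword:[0-9a-fA-F]{8}|"(?:[^"\\]|\\.)*")$')


def parse_reg(text: str) -> dict:
    """Parse the subset of .reg syntax used here into {key: {name: value}}.

    dword values become ints, quoted strings become str. Registry keys are
    case-insensitive, so they are stored lowercased.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        if current is None or not (m := VALUE_RE.match(line)):
            continue
        name, data = m.groups()
        if data.startswith("dword:"):
            current[name] = int(data[6:], 16)
        else:
            current[name] = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return keys


def evaluate(keys: dict) -> list:
    """Return (signature, detail) pairs for settings a Sality-style infection weakens."""
    findings = []
    uac = keys.get(UAC_KEY.lower(), {})
    if uac.get("EnableLUA") == 0:
        findings.append(("UAC bypass", "EnableLUA=0, UAC is turned off"))
    if uac.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(("UAC bypass", "ConsentPromptBehaviorAdmin=0, admins elevate silently"))
    svc = keys.get(FW_SERVICE.lower(), {})
    if svc.get("Start") == 4:  # 4 = SERVICE_DISABLED
        findings.append(("Modifies firewall policy service", "SharedAccess Start=4, service disabled"))
    for profile in ("StandardProfile", "DomainProfile", "PublicProfile"):
        prof = keys.get((FW_POLICY + "\\" + profile).lower(), {})
        if prof.get("EnableFirewall") == 0:
            findings.append(("Windows security modification", f"{profile} EnableFirewall=0"))
    return findings


if __name__ == "__main__":
    for signature, detail in evaluate(parse_reg(SAMPLE_REG)):
        print(f"{signature}: {detail}")
```

Run it against `reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` and the two SharedAccess keys from a suspect host; a clean host yields an empty list. The parser deliberately covers only the dword and string value types the checks need, so other value types in a full export are skipped rather than mis-read.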
