General

  • Target

    0e3a3bc7a573daec9852a21607536d15_JaffaCakes118

  • Size

    112KB

  • Sample

    240625-qlg29ssckh

  • MD5

    0e3a3bc7a573daec9852a21607536d15

  • SHA1

    4f647f6e98bfd36286695edd09e2b720982632c0

  • SHA256

    939a036589dfb81f90138f79dcc94fbe7763484827c40d5882a718b0647ade02

  • SHA512

    0f73feba885654a6e65e0d6ab42a70dce97828b783eaad56902036c26a325bdd61477d13da4f8b11110fe05277f65d27a6e6155d97f112b0fb03923a4b26bf3c

  • SSDEEP

    3072:/SxfEnCkjXgJftTfQmwNhR5c+3IOCOeVqi6:/S9EPSoHcSTey

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      0e3a3bc7a573daec9852a21607536d15_JaffaCakes118

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks