General

  • Target

    0e415056d9614dcf5d44c083a32703c8_JaffaCakes118

  • Size

    97KB

  • Sample

    240625-qr37paseqe

  • MD5

    0e415056d9614dcf5d44c083a32703c8

  • SHA1

    3e43c5a41ac146b734dc8a19a9a7e8e8c9da1359

  • SHA256

    164dbcc3fe4aedc5069087215cbe749d93be7185acc01135eea4d58d19e01967

  • SHA512

    ddbf8d268e2dcd89db730c02e84c6e15c3abb64ca4ae41e38d87c2b7e1939e85d0e54ab3c0c1a46d91f1784794f40641ae12f75d898579d27946169b1064d81c

  • SSDEEP

    1536:m3HQyPv0hgGVqAjoRSWFryFz4aH3iPZwMWkeHXuJCLw:kO50uJ/H3kZYkgaUw

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      0e415056d9614dcf5d44c083a32703c8_JaffaCakes118

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
