General

  • Target

    0e6fa45ff676600822f3f7d6fa97e21c_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240625-rx789sydkr

  • MD5

    0e6fa45ff676600822f3f7d6fa97e21c

  • SHA1

    cfc9b5c6fd891e50a1b530d8353b15e62c1788f9

  • SHA256

    514337d70563e1c295af6d0a6f14aab6c9766a3a428b1ea6da618698f80cc267

  • SHA512

    cb5d1faf9965821bb0e7ece5e4764a7174468456a5ec2939f7d9bd5e8ab97d7951298e7c126fedc6030ce4640791cc523de101af00b6bdf65a8d85efa6336a80

  • SSDEEP

    49152:SjDT1sTYd07BwN3LaJrDTLTgXbTTYkyBdWG2TnLCEE:SymN3WJoEkyvr

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      0e6fa45ff676600822f3f7d6fa97e21c_JaffaCakes118

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Windows security modification

    • Checks whether UAC is enabled

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

MITRE ATT&CK Enterprise v15

Tasks