General

  • Target

    0e806b317ce29bb7d86a65c8ab33b9aa_JaffaCakes118

  • Size

    167KB

  • Sample

    240625-sdy2xswgre

  • MD5

    0e806b317ce29bb7d86a65c8ab33b9aa

  • SHA1

    8c41e2f2209267b04c74b8ebe6ed50540e74eec0

  • SHA256

    6b3cacd373f4d658b52d2d9350bd22921cf94be2d84e8d1870773d3e8f0ccd2d

  • SHA512

    7e544db9070ba9ac018d5d857ee71dadc931dbe70f40e584de90d843d96704b50b0cc7712e9416d424a6b5386599eb241c0360cdcfafae9878401aa26483be78

  • SSDEEP

    3072:L2NQKPWDyTRepJltZrpRSfHkUBf6RSQiM55qWqT:iNSDyTRothpQMUBfmSCq

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      0e806b317ce29bb7d86a65c8ab33b9aa_JaffaCakes118

    • Size

      167KB

    • MD5

      0e806b317ce29bb7d86a65c8ab33b9aa

    • SHA1

      8c41e2f2209267b04c74b8ebe6ed50540e74eec0

    • SHA256

      6b3cacd373f4d658b52d2d9350bd22921cf94be2d84e8d1870773d3e8f0ccd2d

    • SHA512

      7e544db9070ba9ac018d5d857ee71dadc931dbe70f40e584de90d843d96704b50b0cc7712e9416d424a6b5386599eb241c0360cdcfafae9878401aa26483be78

    • SSDEEP

      3072:L2NQKPWDyTRepJltZrpRSfHkUBf6RSQiM55qWqT:iNSDyTRothpQMUBfmSCq

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks