General

  • Target

    0eab7594d85a70dfec1ceb7012e1b30f_JaffaCakes118

  • Size

    5.3MB

  • Sample

    240625-tex2pazapb

  • MD5

    0eab7594d85a70dfec1ceb7012e1b30f

  • SHA1

    83b68f9d696fd567472ef078f4962abb3df2f62d

  • SHA256

    bdbc98d94a9dcd96d26859689912cf8f412b24e08d5a3c39d8b0c6927b1c183a

  • SHA512

    249035b72096ef8fe3349fac8b6fc60e1c344353506f17acab486363fdc84556bc41f6fd8f3a81b5a99e32e440b6023f5c12ab89c09400f4a605c885c351ec14

  • SSDEEP

    98304:UP445PtMNaewOBaKYfZYq64T2KK5OIu7CtEhSrXtBK1u/s5Hvz:c/54IJKYfZYqTJKQxOXzojlz

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks