General

  • Target

    0eb1657faddde5fc4bd339ed7aeb75d2_JaffaCakes118

  • Size

    96KB

  • Sample

    240625-tj6vdszcpd

  • MD5

    0eb1657faddde5fc4bd339ed7aeb75d2

  • SHA1

    c3f52241abe6c31df8efa0df25afa4faf5bfb4ed

  • SHA256

    f2921a330b7b0113e705f867973b7613fcbc40129a4f4e25da1e08bb0283dc80

  • SHA512

    59d0e3286a2d8254dffc8da92502ac4051a12deab04fc253c72792418e01dca386067bedbb6a6cac415a249981dc7cfa20c8a2622ad7d65e3987fac28190546d

  • SSDEEP

    3072:dokVANZKKgXb96xpoTBHq0atl9MUuSelE:6MQZKKgXbeoTBHq0arzuU

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      0eb1657faddde5fc4bd339ed7aeb75d2_JaffaCakes118

    • Size

      96KB

    • MD5

      0eb1657faddde5fc4bd339ed7aeb75d2

    • SHA1

      c3f52241abe6c31df8efa0df25afa4faf5bfb4ed

    • SHA256

      f2921a330b7b0113e705f867973b7613fcbc40129a4f4e25da1e08bb0283dc80

    • SHA512

      59d0e3286a2d8254dffc8da92502ac4051a12deab04fc253c72792418e01dca386067bedbb6a6cac415a249981dc7cfa20c8a2622ad7d65e3987fac28190546d

    • SSDEEP

      3072:dokVANZKKgXb96xpoTBHq0atl9MUuSelE:6MQZKKgXbeoTBHq0arzuU

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks