General

  • Target

    0eb989cd3bea2488225b890d0566d5d8_JaffaCakes118

  • Size

    164KB

  • Sample

    240625-trljeszfpa

  • MD5

    0eb989cd3bea2488225b890d0566d5d8

  • SHA1

    1b6e55fbb5bcad3d0463fcff70ee0d02ef3c5dc9

  • SHA256

    25beefce7f8d9d5155691b92fc7894f4013684f67f18dd94f28840f4d0da324f

  • SHA512

    dbb81af480b82da02efb7b4d53ad8c750fb0df33e20e6220d9bfe091f87142a6064d0a9ec03e09b193e7e90a53a698fe6c11183bf74a7d13a9ee4bd1f6a1524a

  • SSDEEP

    3072:nkT6zOA0mX1K/dnAFGvokzPFv6fCLokClhlM3M:kGhK/9tv6w3CzO3M

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      0eb989cd3bea2488225b890d0566d5d8_JaffaCakes118

    • Size

      164KB

    • MD5

      0eb989cd3bea2488225b890d0566d5d8

    • SHA1

      1b6e55fbb5bcad3d0463fcff70ee0d02ef3c5dc9

    • SHA256

      25beefce7f8d9d5155691b92fc7894f4013684f67f18dd94f28840f4d0da324f

    • SHA512

      dbb81af480b82da02efb7b4d53ad8c750fb0df33e20e6220d9bfe091f87142a6064d0a9ec03e09b193e7e90a53a698fe6c11183bf74a7d13a9ee4bd1f6a1524a

    • SSDEEP

      3072:nkT6zOA0mX1K/dnAFGvokzPFv6fCLokClhlM3M:kGhK/9tv6w3CzO3M

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks