General

  • Target

    0ec24f29093d03b3a21ec8f8536f9dd1_JaffaCakes118

  • Size

    212KB

  • Sample

    240625-tz5bha1bpc

  • MD5

    0ec24f29093d03b3a21ec8f8536f9dd1

  • SHA1

    bdb48e004e4a08c3957dee807dd24b07508ef263

  • SHA256

    fae4080626ad1a786ae76326160fa51f8055ca2d8914e7423bad811b671d5028

  • SHA512

    ffc61115ce92ec25740c870f099286cd4ae2da9449c5c99f193a3ce2c1035415ee1410aebe67e27aede35c1e391aa8df45b217bcb8b00e189925c2ccd0dc6573

  • SSDEEP

    6144:9g2V0vfMnnfTzOMFPfsSeLoi9+7tJMhoIJYF:9PcfMnn7dliLoikAhoI+F

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
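The four C2 URLs above are the artefacts most likely to surface in network telemetry. The Python below is an added example, not part of the sandbox report: it reduces that URL list to host indicators (one IP, three domains) and runs them over a handful of constructed proxy/DNS log lines. The log format, client addresses and timestamps are assumptions made for illustration; the URLs themselves are copied from the extracted configuration. A path-only hit (such as /home.gif on an unrelated host) is deliberately not flagged, because the path alone is too generic to act on, and DNS names are matched on label boundaries so a look-alike such as kukutrustnet987.info.attacker.example does not match.

```python
"""Run the Sality C2 indicators from this report over proxy/DNS log lines.

Added example, not part of the sandbox report. The C2 URLs are copied from the
extracted configuration above; the log format and the log lines themselves are
constructed for illustration.
"""
import re
from urllib.parse import urlparse

# C2 URLs exactly as listed in the extracted configuration.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Assumed log format: "<epoch> <client> <GET|POST|QUERY> <url-or-name>".
LINE_RE = re.compile(r"^(\d+) (\S+) (GET|POST|QUERY) (\S+)$")

# Constructed sample log lines (not from the report).
SAMPLE_LOGS = [
    "1719329400 10.0.0.12 GET http://kukutrustnet777.info/home.gif",
    "1719329401 10.0.0.12 QUERY KUKUTRUSTNET888.INFO.",
    "1719329402 10.0.0.31 GET http://89.119.67.154/testo5/",
    "1719329403 10.0.0.31 GET http://example.com/home.gif",
    "1719329404 10.0.0.40 QUERY kukutrustnet987.info.attacker.example",
    "1719329405 10.0.0.40 QUERY www.kukutrustnet987.info",
]


def c2_hosts(urls=C2_URLS):
    """Reduce the C2 URLs to the hosts (IPs or domains) that appear in telemetry."""
    return {urlparse(u).hostname for u in urls}


def match_line(line, hosts):
    """Return (client, reason) if the line touches a C2 host, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    _ts, client, verb, target = m.groups()
    if verb == "QUERY":
        # Normalise the queried name and match the host itself or a subdomain
        # of it. A substring/prefix test would also hit the decoy
        # kukutrustnet987.info.attacker.example, so labels must align.
        name = target.lower().rstrip(".")
        for h in hosts:
            if name == h or name.endswith("." + h):
                return (client, "dns:" + h)
        return None
    parsed = urlparse(target)
    if parsed.hostname in hosts:
        # Keep the path in the reason so the analyst sees which C2 path was fetched.
        return (client, "http:" + parsed.hostname + parsed.path)
    return None


def scan(lines, urls=C2_URLS):
    """Return the (client, reason) hits for all lines, in log order."""
    hosts = c2_hosts(urls)
    return [hit for hit in (match_line(l, hosts) for l in lines) if hit]


if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOGS):
        print(client, reason)
```

Hosts rather than full URLs are used as the match key because Sality's path components (home.gif, testo5/) are not distinctive on their own, while the IP and the three .info domains are specific to this configuration.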

Targets

    • Target

      0ec24f29093d03b3a21ec8f8536f9dd1_JaffaCakes118

    • Size

      212KB

    • MD5

      0ec24f29093d03b3a21ec8f8536f9dd1

    • SHA1

      bdb48e004e4a08c3957dee807dd24b07508ef263

    • SHA256

      fae4080626ad1a786ae76326160fa51f8055ca2d8914e7423bad811b671d5028

    • SHA512

      ffc61115ce92ec25740c870f099286cd4ae2da9449c5c99f193a3ce2c1035415ee1410aebe67e27aede35c1e391aa8df45b217bcb8b00e189925c2ccd0dc6573

    • SSDEEP

      6144:9g2V0vfMnnfTzOMFPfsSeLoi9+7tJMhoIJYF:9PcfMnn7dliLoikAhoI+F

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003; it spreads by infecting Windows executable files.

    • UAC bypass

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified build of it.

    • Checks whether UAC is enabled
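The "UPX packed file" signature above reports a match but not how it was reached. The Python below is an added example, not the sandbox's own signature logic, of how an analyst can reproduce such a check on a PE without third-party libraries: it parses the COFF section table by hand and applies three heuristics, the stock UPX0/UPX1 section names, the "UPX!" marker that stock UPX writes after the section headers, and a high-entropy raw section, which is what is left when a modified UPX build renames its sections and strips the marker. The entropy threshold of 7.0 bits per byte and the exact heuristics are assumptions; the PE blobs it runs on are constructed, minimal and not loadable, not the sample from this report.

```python
"""Heuristic UPX check on a PE section table, run on constructed input.

Added example, not the sandbox's own signature logic (the report does not show
it). The section table is parsed by hand so the script runs without pefile.
The PE blobs below are constructed and minimal, not the analysed sample.
"""
import math
import struct


def shannon_entropy(data):
    """Bits per byte; 8.0 means uniformly distributed (typical of compressed data)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(blob):
    """Parse the COFF section table: returns [(name, raw_offset, raw_size)]."""
    if blob[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", blob, coff + 2)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", blob, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsec):
        name, _vsize, _va, raw_size, raw_off = struct.unpack_from("<8sIIII", blob, table + i * 40)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_off, raw_size))
    return sections


def upx_indicators(blob, entropy_threshold=7.0):
    """Return the reasons the blob looks UPX-packed, in a fixed order; [] if none."""
    secs = pe_sections(blob)
    names = [s[0] for s in secs]
    reasons = []
    if any(n.startswith("UPX") for n in names):          # stock UPX section names
        reasons.append("upx_section_names:" + ",".join(names))
    if b"UPX!" in blob:                                   # marker stock UPX leaves behind
        reasons.append("upx_marker")
    for name, off, size in secs:                          # compressed data is near-uniform
        ent = shannon_entropy(blob[off:off + size])
        if size >= 256 and ent >= entropy_threshold:
            reasons.append(f"high_entropy_section:{name}:{ent:.2f}")
    return reasons


def build_pe(section_names, payload, marker=b""):
    """Construct a minimal PE-shaped blob (not loadable) whose last section holds payload."""
    e_lfanew, opt_size, nsec = 0x40, 0, len(section_names)
    table = e_lfanew + 4 + 20 + opt_size
    raw_off = table + nsec * 40 + len(marker)
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr += b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x102)
    for i, name in enumerate(section_names):
        last = i == nsec - 1
        size = len(payload) if last else 0
        hdr += struct.pack("<8sIIII", name.encode().ljust(8, b"\0"),
                           size, 0x1000 * (i + 1), size, raw_off if last else 0)
        hdr += b"\0" * 16  # remaining section header fields, unused here
    hdr += marker
    return bytes(hdr) + payload


# Deterministic 4 KiB payload in which every byte value occurs equally often
# (7919 is odd, so i*7919 mod 256 cycles through all values): entropy 8.0.
HIGH_ENTROPY = bytes((i * 7919 + 13) & 0xFF for i in range(4096))

# Constructed inputs: stock UPX, an unpacked file, and a modified UPX that
# renamed its sections and dropped the marker (only entropy gives it away).
SAMPLES = {
    "stock_upx": build_pe(["UPX0", "UPX1"], HIGH_ENTROPY, marker=b"UPX!"),
    "plain": build_pe([".text", ".data"], b"\0" * 4096),
    "modified_upx": build_pe([".code", ".data"], HIGH_ENTROPY),
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, upx_indicators(blob) or "no UPX indicators")
```

The entropy heuristic is the one that still fires on the "modified UPX" case the signature text mentions, but it also fires on any compressed or encrypted resource, so on its own it indicates packing in general rather than UPX specifically; the section names and marker are what tie the result to UPX.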

MITRE ATT&CK Enterprise v15

Tasks