General

  • Target

    0f1a48f8d3f49695f56dec690a5cc3f4_JaffaCakes118

  • Size

    283KB

  • Sample

    240625-w6tjpawbmb

  • MD5

    0f1a48f8d3f49695f56dec690a5cc3f4

  • SHA1

    f1fbd22f1b1a6348ccc6163d89d7034b6f1e3047

  • SHA256

    de84c71f5b81ffd761acdc89741a382101743bab97e6cd4aa142081870eb5630

  • SHA512

    30f21d6db2d1f3e48364cc2a56442a7dc4b4b09c12cf89b041a84286d9cc07be49bb5a589184552b104343f98413f3bbbeaccd6b0858ea744f57aa0be0eb59e1

  • SSDEEP

    6144:4IdcdP1EUU+nBdH6h3RgokhoqN5RN4JZ2c769/czyO7:zdcPEKmh3RRgN4Joc769kZ

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      0f1a48f8d3f49695f56dec690a5cc3f4_JaffaCakes118

    • Size

      283KB

    • MD5

      0f1a48f8d3f49695f56dec690a5cc3f4

    • SHA1

      f1fbd22f1b1a6348ccc6163d89d7034b6f1e3047

    • SHA256

      de84c71f5b81ffd761acdc89741a382101743bab97e6cd4aa142081870eb5630

    • SHA512

      30f21d6db2d1f3e48364cc2a56442a7dc4b4b09c12cf89b041a84286d9cc07be49bb5a589184552b104343f98413f3bbbeaccd6b0858ea744f57aa0be0eb59e1

    • SSDEEP

      6144:4IdcdP1EUU+nBdH6h3RgokhoqN5RN4JZ2c769/czyO7:zdcPEKmh3RRgN4Joc769kZ

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Windows security modification

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext
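The "UPX packed file" signature is a static check on the PE section table. The following is an added example, not the sandbox's own signature code, showing three independent UPX tells that a practitioner would combine: stock section names (UPX0/UPX1), the "UPX!" packheader marker, and the layout itself (a first section with no bytes on disk but a large virtual size, which the stub in the second section unpacks into). The layout check is what still fires when a modified UPX renames its sections and patches out the marker. The `build_pe` fixture and the three constructed buffers are test data assembled here, not bytes from the analysed sample.

```python
import struct

# Section header = 8-byte name, VirtualSize, VirtualAddress, SizeOfRawData, ... (40 bytes total)
SECTION_HDR_LEN = 40


def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size), ...] from the PE section table.

    Raises ValueError when the buffer does not carry MZ/PE headers.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                   # COFF file header (20 bytes)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HDR_LEN
        if off + SECTION_HDR_LEN > len(data):
            raise ValueError("truncated section table")
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Three independent UPX tells; any one of them sets 'likely_upx'.

    - stock UPX names its sections UPX0/UPX1 (trivially renamed by a modified build)
    - stock UPX leaves a "UPX!" packheader marker in the file (also easy to patch out)
    - the layout: first section has SizeOfRawData == 0 but a large VirtualSize,
      because the stub in the second section unpacks into it. This survives
      renaming, but other packers use the same layout, so it is a heuristic.
    """
    secs = pe_sections(data)
    ind = {
        "upx_section_names": any(n.upper().startswith("UPX") for n, _, _ in secs),
        "upx_magic": b"UPX!" in data,
        "empty_first_section": (len(secs) >= 2 and secs[0][2] == 0
                                and secs[0][1] > 0 and secs[1][2] > 0),
    }
    ind["likely_upx"] = any(ind.values())
    return ind


def build_pe(sections, trailer=b""):
    """Constructed fixture: a minimal PE32 header + section table (not a runnable binary)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt_size = 0xE0                                               # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    table = b"".join(
        name.encode().ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", vsize, 0, rsize, 0, 0, 0, 0, 0, 0)
        for name, vsize, rsize in sections
    )
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table + trailer


# Constructed buffers: stock UPX layout, the same layout with renamed sections and no marker, and a normal image.
STOCK_UPX = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x10000, 0xF000), (".rsrc", 0x1000, 0x800)], b"UPX!")
RENAMED_UPX = build_pe([(".text", 0x20000, 0), (".data", 0x10000, 0xF000), (".rsrc", 0x1000, 0x800)])
PLAIN = build_pe([(".text", 0x1000, 0x1000), (".rdata", 0x400, 0x400), (".data", 0x200, 0x200)])

if __name__ == "__main__":
    for label, blob in [("stock UPX", STOCK_UPX), ("renamed UPX", RENAMED_UPX), ("plain", PLAIN)]:
        print(label, upx_indicators(blob))
```

On a real file, call `upx_indicators(open(path, "rb").read())`. Treat `empty_first_section` alone as a lead to confirm with entropy or an unpacking attempt, not as a verdict: several packers and some hand-built loaders produce the same layout.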
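The RegEdit, Task Manager, Windows security and firewall signatures above all come down to a handful of documented policy values: DisableRegistryTools and DisableTaskMgr under the per-user Policies\System key, EnableLUA under the machine Policies\System key, and EnableFirewall under the SharedAccess FirewallPolicy profile keys. The following is an added example, not the sandbox's signature logic, that applies those rules to Sysmon Event ID 13 (registry value set) records so the same behaviours can be found on a live host rather than only in the sandbox. The exact keys the sandbox matches are an assumption; the value semantics are Windows' own. The event records, the image path and the SID are constructed placeholders.

```python
import re

# Sysmon Event ID 13 (RegistryEvent: value set) renders DWORD data as "DWORD (0x00000001)".
_DWORD = re.compile(r"DWORD \((0x[0-9a-fA-F]+)\)")

# One rule per behaviour the report lists:
# (regex on the key path, value name, data that indicates the behaviour, label)
RULES = [
    (r"\\Policies\\System$", "DisableRegistryTools", 1,
     "Disables RegEdit via registry modification"),
    (r"\\Policies\\System$", "DisableTaskMgr", 1,
     "Disables Task Manager via registry modification"),
    (r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$", "EnableLUA", 0,
     "Windows security modification (UAC disabled)"),
    (r"\\SharedAccess\\Parameters\\FirewallPolicy\\[A-Za-z]+Profile$", "EnableFirewall", 0,
     "Modifies Windows Firewall"),
]


def normalize_key(path: str) -> str:
    """Fold Sysmon's raw hive spellings into the forms analysts write rules against."""
    path = re.sub(r"^HKU\\S-1-5-21-[\d-]+(?=\\)", "HKCU", path)   # user hive by SID -> HKCU
    path = re.sub(r"^HKLM\\SYSTEM\\ControlSet\d{3}", r"HKLM\\SYSTEM\\CurrentControlSet", path)
    return path


def parse_dword(details):
    """Extract the integer from Sysmon's DWORD rendering; None for other data types."""
    m = _DWORD.search(details or "")
    return int(m.group(1), 16) if m else None


def match_registry_events(events):
    """Return (label, image, key) for every value-set event that satisfies a rule.

    Only the value actually written is compared, so an administrator restoring
    DisableTaskMgr to 0 does not fire, and key-create events (ID 12) are skipped.
    """
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        key, _, value_name = ev["TargetObject"].rpartition("\\")
        key = normalize_key(key)
        data = parse_dword(ev.get("Details"))
        for key_re, name, bad, label in RULES:
            if (value_name.lower() == name.lower()
                    and data == bad
                    and re.search(key_re, key, re.IGNORECASE)):
                hits.append((label, ev.get("Image"), key))
    return hits


# Constructed sample events (not from the sandbox run); image path and SID are placeholders.
SID = r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
SAMPLE = r"C:\Users\victim\AppData\Local\Temp\sample.exe"
POLICY = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": SAMPLE, "Details": "DWORD (0x00000001)",
     "TargetObject": SID + "\\" + POLICY + r"\DisableRegistryTools"},
    {"EventID": 13, "Image": SAMPLE, "Details": "DWORD (0x00000001)",
     "TargetObject": SID + "\\" + POLICY + r"\DisableTaskMgr"},
    {"EventID": 13, "Image": SAMPLE, "Details": "DWORD (0x00000000)",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    {"EventID": 13, "Image": SAMPLE, "Details": "DWORD (0x00000000)",
     "TargetObject": r"HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters"
                     r"\FirewallPolicy\StandardProfile\EnableFirewall"},
    # benign: policy engine re-enabling Task Manager (value 0) must not match
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe", "Details": "DWORD (0x00000000)",
     "TargetObject": SID + "\\" + POLICY + r"\DisableTaskMgr"},
    # key creation, not a value write
    {"EventID": 12, "Image": SAMPLE, "TargetObject": SID + "\\" + POLICY},
]

if __name__ == "__main__":
    for label, image, key in match_registry_events(SAMPLE_EVENTS):
        print(f"{label:50} {image}  {key}")
```

Event ID 13 only records writes, so the "Checks whether UAC is enabled" signature, which is a read of EnableLUA, has no counterpart here; a read-side check needs the sandbox's API trace or registry-access auditing on the host. The C2 URLs from the extracted config are matched separately against proxy or DNS logs.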

MITRE ATT&CK Enterprise v15

Tasks