General

  • Target

    0f0215404ef8de4055fa8635c54237c7_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240625-wkcdaathmh

  • MD5

    0f0215404ef8de4055fa8635c54237c7

  • SHA1

    e1af87b9f999386bddf08ea4ac990072c0a83886

  • SHA256

    131546235480597f9aa2b37ded80369431e59462dded2ce256e103b9cbf91c5f

  • SHA512

    8a4343155fe7b42f680be1f62e858440a2b70a15888e37b83795caa9a00876dfdffad10f59e33c8aed3a293c9895791f25f6d162049630ccf14766e1a410b709

  • SSDEEP

    24576:UwX5IQqLYGqqPxQwok3I7/oThe2JiHniv7r7Aso9wmNeOHLhP9YeF:LzqNqnWTuijDfU/hPHF

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks