General

  • Target

    0f467a194027b62be21952621e35b7d8_JaffaCakes118

  • Size

    91KB

  • Sample

    240625-yb2b6a1drr

  • MD5

    0f467a194027b62be21952621e35b7d8

  • SHA1

    9cb68f2a2eb09f246d1ec73a05582990786436d9

  • SHA256

    41b96c69aeebe529a6bf45acdc4dee61a42c35d831ce1812486bb27d668adfd5

  • SHA512

    653fde7bee04be13e75cee29639ef116ef622a26e003c81d385da03f6f652a2e4ed11a640c21a867930bde877150d236db45a7e283c8fb9e5db4233b82613faf

  • SSDEEP

    1536:+ue7HnREK6qWAeuFrZT5W4IbDa8Op4f8z3P0zztQzABkWkAwIud9uqH:+ue7HREK6qlRFrzybDhE6FzxCABkWk1v

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
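The four C2 URLs above are the most directly actionable part of this report: one hard-coded IP with a path and three look-alike `kukutrustnet*.info` hosts fetching `home.gif`. The following is an added example, not part of the sandbox report, of turning that list into host and exact-URL indicators and running them over proxy log lines. The log format (`<ts> <client> <method> <url> <status>`) and the log lines themselves are constructed for the example; only the URLs come from the config above. Hosts are compared exactly after lowercasing and port stripping, so a look-alike subdomain such as `kukutrustnet777.info.example.net` is deliberately not a hit.

```python
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted Sality config on this page
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed proxy log (hypothetical, not from the report): "<ts> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2024-06-25T10:01:02Z 10.0.0.5 GET http://example.com/ 200
2024-06-25T10:01:09Z 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200
2024-06-25T10:01:10Z 10.0.0.7 GET http://89.119.67.154:80/testo5/ 404
2024-06-25T10:01:11Z 10.0.0.7 GET http://KUKUTRUSTNET888.INFO/home.gif?x=1 200
2024-06-25T10:01:12Z 10.0.0.9 GET http://kukutrustnet777.info.example.net/home.gif 200
"""


def c2_indicators(urls):
    """Split config URLs into a host/IP set and an exact (host, path) set."""
    hosts, exact = set(), set()
    for u in urls:
        p = urlsplit(u)
        host = p.hostname.lower()          # hostname drops the port and is case-insensitive
        hosts.add(host)
        exact.add((host, p.path or "/"))
    return hosts, exact


def normalise(url):
    """Return (host, path) for a logged URL in the same form c2_indicators() uses."""
    p = urlsplit(url)
    return (p.hostname or "").lower(), p.path or "/"


def scan_proxy_log(text, urls=C2_URLS):
    """Return one hit per log line whose destination host is a known C2 host."""
    hosts, exact = c2_indicators(urls)
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue                        # malformed or truncated line: skip, do not crash
        ts, client, method, url, status = parts[:5]
        host, path = normalise(url)
        if host in hosts:                   # exact host match only; no suffix/substring matching
            hits.append({
                "ts": ts,
                "client": client,
                "host": host,
                "path": path,
                "status": status,
                # True when path matches the config URL too (query string is ignored)
                "exact_url": (host, path) in exact,
            })
    return hits


if __name__ == "__main__":
    for h in scan_proxy_log(SAMPLE_LOG):
        print(h)
```

A status of 404 for the IP-based URL (as in the constructed third line) is still worth raising: a Sality host that cannot reach one C2 simply moves on to the next, so the beacon attempt, not the response, is the indicator.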

Targets

    • Target

      0f467a194027b62be21952621e35b7d8_JaffaCakes118

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003; it is best known as a polymorphic file infector that spreads by infecting Windows executables and enrols infected hosts in a peer-to-peer botnet.

    • UAC bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled
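The "UPX packed file" signature above is the kind of check a triage analyst reproduces before unpacking: stock UPX leaves `UPX0`/`UPX1` section names, while modified builds usually rename the sections but keep the `UPX!` packer-info marker and the characteristic layout (an empty first section that the stub unpacks into, followed by a section holding the compressed image). The following added example, which is not the sandbox's own detection logic and not code from this report, parses a PE section table and applies those three checks. The `build_pe` helper and the three sample images it produces are constructed for demonstration (headers only, not runnable binaries); the section-name set and marker string are assumptions based on stock UPX output.

```python
import struct
import sys

# Section names stock UPX writes; modified builds often rename them (assumption: stock UPX defaults)
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
# Packer-info marker the UPX stub leaves in the file even when sections are renamed
UPX_MARKER = b"UPX!"


def pe_sections(data: bytes):
    """Parse the PE section table into a list of dicts (name and size fields only)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    fields = struct.unpack_from("<HHIIIHH", data, coff)
    num_sections, opt_size = fields[1], fields[5]
    table = coff + 20 + opt_size           # section table follows the optional header
    sections = []
    for i in range(num_sections):
        (name, vsize, vaddr, raw_size, raw_ptr,
         _reloc, _lines, _nreloc, _nlines, chars) = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": raw_size,
                         "raw_ptr": raw_ptr, "characteristics": chars})
    return sections


def upx_check(data: bytes) -> dict:
    """Apply the three UPX heuristics; 'packed' is the verdict, the rest is evidence."""
    sections = pe_sections(data)
    names = [s["name"] for s in sections]
    named = [n for n in names if n in UPX_SECTION_NAMES]
    marker = UPX_MARKER in data
    # Classic UPX layout: first section has no raw data on disk but a large virtual size
    # (unpack target); the second carries the compressed image and the decompression stub.
    layout = (len(sections) >= 2 and sections[0]["raw_size"] == 0
              and sections[0]["virtual_size"] > 0 and sections[1]["raw_size"] > 0)
    return {
        "sections": names,
        "upx_named_sections": named,
        "upx_marker": marker,
        "upx_layout": layout,
        # Names catch stock UPX; the marker catches renamed-section builds. Layout alone is
        # only supporting evidence, since other packers and some linkers produce it too.
        "packed": bool(named) or marker,
    }


def build_pe(section_specs, tail=b""):
    """Constructed minimal PE for this example: DOS stub, COFF header, blank PE32 optional header,
    section table, optional trailing bytes. Headers only; the image is not executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew: PE header right after DOS header
    opt = bytes(0xE0)                                       # PE32 optional header size; contents unused
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, len(opt), 0x102)
    table = b""
    raw_ptr, vaddr = 0x400, 0x1000
    for name, vsize, raw_size in section_specs:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr, raw_size,
                             raw_ptr if raw_size else 0, 0, 0, 0, 0, 0xE0000020)
        raw_ptr += raw_size
        vaddr += (vsize + 0xFFF) & ~0xFFF
    return bytes(dos) + b"PE\0\0" + coff + opt + table + tail


# Constructed samples: stock UPX, a renamed-section UPX build, and an unpacked image
STOCK_UPX = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0xA000, 0x9800), (b".rsrc", 0x1000, 0x200)], tail=b"UPX!")
RENAMED_UPX = build_pe([(b".code", 0x20000, 0), (b".data", 0xA000, 0x9800)], tail=b"UPX!")
PLAIN = build_pe([(b".text", 0x5000, 0x4800), (b".data", 0x1000, 0x200), (b".rsrc", 0x1000, 0x200)])


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:      # run against a real file, e.g. the sample above
            print(upx_check(f.read()))
    else:
        for label, img in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN)):
            print(label, upx_check(img))
```

On a live sample, treat "packed" as a reason to unpack (or let the sandbox's memory dumps do it) before trusting any static string or import analysis; for a Sality sample in particular the packer is only the outer layer, and the infector code underneath is what carries the C2 list extracted above.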

MITRE ATT&CK Enterprise v15

Tasks