General

  • Target

    1047b311d084c19b076689dae93e9f01_JaffaCakes118

  • Size

    553KB

  • Sample

    240626-b1rgxszbrp

  • MD5

    1047b311d084c19b076689dae93e9f01

  • SHA1

    8cefe44eb6d07c29243a6c2040f93f87f5b82ebd

  • SHA256

    2f1bed6137d7251505d7db88436b3b14f5f937d90ff9bcbaafb6badee0e8a329

  • SHA512

    5a0e70686a7207b21b2939c0b28428d722feaf1a90b7a84cab6a2c0cb770c7801e0f3fec6f414e411578c3de0b65624dbf851f487c3cabfa147c58d4cec6be7b

  • SSDEEP

    6144:n0RrrqrQko9Ul/AdHbI9UcP6PL9o0oRPHkRyubDR1pNXBGAFDoAPnxhSgojv/aj4:n0Rrr9rlI91ipo0o7uTLxKAJhbIyj4

Malware Config

Extracted

Family

sality

C2


Targets

    • Modifies firewall policy service

    • Ramnit

      Ramnit is a versatile family that includes viruses, worms, and Trojans.

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Windows security modification

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks