General
-
Target
17bb8002285469fe22e5cde5e337f88e_JaffaCakes118
-
Size
164KB
-
Sample
240627-17v65awhmn
-
MD5
17bb8002285469fe22e5cde5e337f88e
-
SHA1
f97a60354a6956b4e2c691351a17260ae6308283
-
SHA256
b5adbe39e69899a1099e34bcd8e508b6b6469cf58630464fb415bd0ec8241a3e
-
SHA512
3d6c641b13143d078e90ce562d7c818c2462488e82304864704badc87f625a3f142c153b955508be8d49793a7376f2a1a6e916a372d994448860aa3b46b2b555
-
SSDEEP
3072:VJCD54diJkm4drKBqQXu/xvwAhTjjFxs:+udO8QoNTF+
Static task
static1
Behavioral task
behavioral1
Sample
17bb8002285469fe22e5cde5e337f88e_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Target
17bb8002285469fe22e5cde5e337f88e_JaffaCakes118
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
  Registry Run Keys / Startup Folder (1)
  Winlogon Helper DLL (1)
Create or Modify System Process (1)
  Windows Service (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
Boot or Logon Autostart Execution (2)
  Registry Run Keys / Startup Folder (1)
  Winlogon Helper DLL (1)
Create or Modify System Process (1)
  Windows Service (1)