General
Target: 1b37bb48318549674ac213c89064da57_JaffaCakes118
Size: 168KB
Sample: 240701-n6a4cazgpf
MD5: 1b37bb48318549674ac213c89064da57
SHA1: c41e7b6d0ad50e22a245ea638e85a166ba56e48c
SHA256: fde297bebba2bad55b2eab5998b42a0e911fdb963cef32ae47bb7f17009da76c
SHA512: a47cd72c942c84a627244ec7e0066d3f179159532d2d43f0d14564498dacc765fe3bc35527d2d4d32f5a7ed93b277c7d3bfda75213455afd65e649cac491202f
SSDEEP: 3072:T8NQKPWDyDReaJltZrpRnvz6ljkYxXPrQcYaUEYvq2j:wNSDyDRvthpZ6lgwPrHYayS2
Static task: static1
Behavioral task: behavioral1
Sample: 1b37bb48318549674ac213c89064da57_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 1b37bb48318549674ac213c89064da57_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 1b37bb48318549674ac213c89064da57_JaffaCakes118
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Modifies Windows Firewall
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1