General
-
Target
26087e776dfebb997068891030a37e66_JaffaCakes118
-
Size
221KB
-
Sample
240704-yf1anaxgne
-
MD5
26087e776dfebb997068891030a37e66
-
SHA1
c6484153ebc4e26c68b84d2724628ec3baba72f0
-
SHA256
6a156388360e9534dd3dac6e94860461ba54697d823a78eccbf9506d4e1da462
-
SHA512
1225d9997f4eb3ff33a0c6f95b9b124e57f79dbaccc9e8da6908a0985ed221f92222ad0847823a4d9b9cbbb4e687a6a253b3bca9bb8dff01636696327ecb579d
-
SSDEEP
6144:L+Y3Tor0/oFc8DTpu6PUv3LITR3FVH2VKNyY:L+qoi8DTkHv3M5
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
26087e776dfebb997068891030a37e66_JaffaCakes118
-
Size
221KB
-
MD5
26087e776dfebb997068891030a37e66
-
SHA1
c6484153ebc4e26c68b84d2724628ec3baba72f0
-
SHA256
6a156388360e9534dd3dac6e94860461ba54697d823a78eccbf9506d4e1da462
-
SHA512
1225d9997f4eb3ff33a0c6f95b9b124e57f79dbaccc9e8da6908a0985ed221f92222ad0847823a4d9b9cbbb4e687a6a253b3bca9bb8dff01636696327ecb579d
-
SSDEEP
6144:L+Y3Tor0/oFc8DTpu6PUv3LITR3FVH2VKNyY:L+qoi8DTkHv3M5
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1