General
-
Target
3fec7beb0bb04eda9471a3f66904c9a1_JaffaCakes118
-
Size
565KB
-
Sample
240713-dgfbnavfpg
-
MD5
3fec7beb0bb04eda9471a3f66904c9a1
-
SHA1
fd5de0ac82cd775ff31ceda3e6fea98b8dd7a234
-
SHA256
e0c1fe22fe6bbde2a4559eb66b64e9c760851baffb8ac6264a9d97ddfe42aee9
-
SHA512
a5a44d0a6b969e13ad6ba46f7f8872bc0a933a9e4987c2fb2890e1af4635451c22ee03841dbd025dd6d74a1f8d9158f5cfb1f7de1493940c485684a495516256
-
SSDEEP
6144:XL1QOc95ndnSGDmucVJ9/6+zX4AuEFjH51jz9SSYgsRFYNMb15NFX9kgwFJ7FV+:71QrdnbjcVJl6+L4AdxYLTZ5D9kXf7z+
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
3fec7beb0bb04eda9471a3f66904c9a1_JaffaCakes118
-
Size
565KB
-
MD5
3fec7beb0bb04eda9471a3f66904c9a1
-
SHA1
fd5de0ac82cd775ff31ceda3e6fea98b8dd7a234
-
SHA256
e0c1fe22fe6bbde2a4559eb66b64e9c760851baffb8ac6264a9d97ddfe42aee9
-
SHA512
a5a44d0a6b969e13ad6ba46f7f8872bc0a933a9e4987c2fb2890e1af4635451c22ee03841dbd025dd6d74a1f8d9158f5cfb1f7de1493940c485684a495516256
-
SSDEEP
6144:XL1QOc95ndnSGDmucVJ9/6+zX4AuEFjH51jz9SSYgsRFYNMb15NFX9kgwFJ7FV+:71QrdnbjcVJl6+L4AdxYLTZ5D9kXf7z+
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1