General
Target: 42722c04aaa0d8b5d68dbdf58f362acd_JaffaCakes118
Size: 217KB
Sample: 240713-tv7aasyarm
MD5: 42722c04aaa0d8b5d68dbdf58f362acd
SHA1: fb056835cc96af84f8cff54a9030eefb5204ea13
SHA256: 5e2dca1e955e8ab0bf82195b6db88acd26c5beefe66b787b26289d3b2d0b9c16
SHA512: 639bff6c50c7d06f6fbeb16633da1d9e13c7dde29f6cdfa2d6eb441149cf387c73f8abc05acddac98588956705894d2c02ab7a66d8b31f019d564377a9a9f00a
SSDEEP: 6144:R5+uAZcR/6TkINwlbhraV/nTRWXSl407d:R5sC1/r8RWa7d
Static task: static1
Behavioral task: behavioral1
Sample: 42722c04aaa0d8b5d68dbdf58f362acd_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 42722c04aaa0d8b5d68dbdf58f362acd_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 42722c04aaa0d8b5d68dbdf58f362acd_JaffaCakes118
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Modifies Windows Firewall
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)