General

  • Target

    69a1abf72e139156db11fe97d335af60_JaffaCakes118

  • Size

    284KB

  • Sample

    240724-a67kna1gpf

  • MD5

    69a1abf72e139156db11fe97d335af60

  • SHA1

    d295a6cb874e5a5e4de2a5c74a76dc6e70cb5c2b

  • SHA256

    84a87dd084e36b8d75e627e159b44d02099461d9862659c4abbdc3ac6ce9296a

  • SHA512

    a583754d45b6700dbd3c4b60958c56f7d56de39469a0d30e379a90df9f2d021ca50de229b4ea9cc576e188546db6d50268132b58b0bb7b51f21edf339e4f270b

  • SSDEEP

    6144:aevN4q82soV8Bf+a2GWy4j0zGiTpiE+frpjF+q+o1f31qRH:7v82zV8BfWjbcpiE+frpjV+o1N6H

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      69a1abf72e139156db11fe97d335af60_JaffaCakes118

    • Size

      284KB

    • MD5

      69a1abf72e139156db11fe97d335af60

    • SHA1

      d295a6cb874e5a5e4de2a5c74a76dc6e70cb5c2b

    • SHA256

      84a87dd084e36b8d75e627e159b44d02099461d9862659c4abbdc3ac6ce9296a

    • SHA512

      a583754d45b6700dbd3c4b60958c56f7d56de39469a0d30e379a90df9f2d021ca50de229b4ea9cc576e188546db6d50268132b58b0bb7b51f21edf339e4f270b

    • SSDEEP

      6144:aevN4q82soV8Bf+a2GWy4j0zGiTpiE+frpjF+q+o1f31qRH:7v82zV8BfWjbcpiE+frpjV+o1N6H

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Target

      $PLUGINSDIR/ExtractDLLEx.dll

    • Size

      7KB

    • MD5

      ba4063f437abb349aa9120e9c320c467

    • SHA1

      b045d785f6041e25d6be031ae2af4d4504e87b12

    • SHA256

      73acba7dd477dfd6cf4249911f4e3c781196c7cf6b28425761dcb2d4f90c36c5

    • SHA512

      48a813f55834069f8c6b90740de3df01564a136b0fe637f9f85cc1a19d7f32b1f70205ff2462526508fe3c1962d7c1e8e384c40463e328538aeba28e8d0fb92a

    • SSDEEP

      96:lyEPmi/06iLbX8SIP59L1MmqPbgkk/eWKCHGojGYYIF/ggiomsTeZUzI:lyEPmymbMbPZOz+/eWJmoUItiopTeZ

    Score
    3/10
    • Target

      $PLUGINSDIR/InetLoad.dll

    • Size

      18KB

    • MD5

      994669c5737b25c26642c94180e92fa2

    • SHA1

      d8a1836914a446b0e06881ce1be8631554adafde

    • SHA256

      bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c

    • SHA512

      d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563

    • SSDEEP

      384:nUOPTbiJmdztwwKq8W1cyMjPzV0Ac9k+LMkIX1+Gn+XHdjf:nTikliwKq8W1rMjPzz+f

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/Time.dll

    • Size

      10KB

    • MD5

      38977533750fe69979b2c2ac801f96e6

    • SHA1

      74643c30cda909e649722ed0c7f267903558e92a

    • SHA256

      b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    • SHA512

      e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

    • SSDEEP

      192:oNcwTweFbs9t2n2Sgiga65/aHdaGZavaJIYX4Hw2:oNcwBFg22SEw47CPU

    Score
    3/10
    • Target

      $PLUGINSDIR/chrmPref.dll

    • Size

      192KB

    • MD5

      7f0311e7a551bc7b8d143eed7a3dd4be

    • SHA1

      21fbe119973116417dd8f2c276889bbeaa617e96

    • SHA256

      1b800e00d5536446fb6c6a7204c6412cf3ffaabde24eddae7da54a2ca0d1684e

    • SHA512

      a556de0d026ee4c0c9815c87f7bbe88bda3850e8c2ce6ea732e1f010f1351ce51740d08b8ada5ca568a5fa4f7fbdd6aaa755579bca86b55452e5eb70132e6423

    • SSDEEP

      3072:HfcZWRclPwoxpGmhnW0uCB9s1pBCfLVRH/KDouRaut4KQlY1Rk/5HqIXg:HfYaclPwoTGOufkf/WRVQlMRkMA

    Score
    3/10
    • Target

      $PLUGINSDIR/mt.dll

    • Size

      4KB

    • MD5

      f2bdd37ac7a7d471d4cdc556229329a4

    • SHA1

      82007b92f64c8fa16cd508f4593bca5b652d5047

    • SHA256

      7ecaf714d80650c51d72ff319d25626a65ad0ead31928822008c3d14ef4dcc33

    • SHA512

      2707b54f8bcd1be35f324a1ce95bd50d43e139b1e8646cd1b745f2fd39c41b3d85e7a5bdc1c4527cc5bf3fdf4dfd13ff92e8e999440a093252116042cd5ad98d

    • SSDEEP

      48:qPUQQDzlCWvfbAlPnK4ccH7IZiS1IJWISx1A871XlWzNG1Slwwxb4I7I:2QD5xkpnKz3ZrtxA87UxJZ4I7I

    Score
    3/10
    • Target

      $PLUGINSDIR/nsisos.dll

    • Size

      5KB

    • MD5

      69806691d649ef1c8703fd9e29231d44

    • SHA1

      e2193fcf5b4863605eec2a5eb17bf84c7ac00166

    • SHA256

      ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

    • SHA512

      5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

    • SSDEEP

      48:6EyuygeHCfxwU5x+6kx/k1gONv27oBc2OkIrHHl:VeHCf2762kKsu7oGjkIrn

    Score
    3/10
    • Target

      $_12_/extensions/[email protected]/components/acplus-autocomplete.js

    • Size

      2KB

    • MD5

      955e772fd2a00e3ea5428485b7c6e196

    • SHA1

      f6d9febbc0cd79b8685492c172db052122f3c123

    • SHA256

      19674a5ebc880e0092e93290622ccd2a2038ddc5ef3048ba71188d66108b3682

    • SHA512

      c46f5132c7530942d8b41b22e9a6d25e9ebcf9869383e13291a63d9ce4f53990f65b99598f4d96b601ba110e1c13fd6ec48c3c24ccfe6ebda01551c03101880e

    Score
    3/10
    • Target

      $_12_/extensions/[email protected]/content/babylon.xul

    • Size

      10KB

    • MD5

      97bf7cbf63dffeec117a1a7f788d71da

    • SHA1

      de488b10e24cf0317415687306abd4a8509e72d5

    • SHA256

      ee78d3958b513c1e7ebfeb18c8c7ea4c2c16d593f0eccb2df7ae712c9361a80c

    • SHA512

      302e7164690e0abf3d527ccd3dd918f62c8165300f33429615ad0b749e94efef68616af75c784273a6133c7a92cbd90d468fb413452d5c4b3cf5ca4a09eec091

    • SSDEEP

      192:KisNwLhd4jMEdYymsRT6Yu3MzN5Sra2a+8UzA3DIXBIbhEB7yCQRf3Ej9kt:KiyziXMx

    Score
    3/10
    • Target

      $_12_/extensions/[email protected]/content/mtstart.js

    • Size

      12KB

    • MD5

      a64f4d489353642015663706ef663f60

    • SHA1

      a6b7151bad757b70c4a6de0f6a4bc211e15be564

    • SHA256

      6c911578bc6f941504b6de038e3cf8e4b47b9e76601c916e4441076d3c20bc38

    • SHA512

      06961eaeebf248b6160fe3c0ab17ec0982452340da8f64c3a82282cb40f1a42969b246f709b47ce74e4377341fc119942229644e72a63d2971dba6ea94d02ea5

    • SSDEEP

      192:7/LpCMXfeZSVbgml7OCk/0kGk/0r8c0JtSxNzc:TLEMXfeZSV8ml7OCk/vGk/jc0Jtw9c

    Score
    3/10
    • Target

      $_12_/extensions/[email protected]/content/server.js

    • Size

      73B

    • MD5

      40fc171eb9969266735bdad5096a58d5

    • SHA1

      d079169c1c414e4f78390e53c3b6c01d78a49699

    • SHA256

      76593c3725ec6f72b531cfa873875c0f126b79af54e6bbe3f7716e255dfa2951

    • SHA512

      973dcac10bb7e1ae696a80220d27e40a8775017b4e46b71146a9dbb0737a108d2e23381f9f9243c72cf7aa67666a8b8531fd1f1bc187be83cdecd7b526359c81

    Score
    3/10
    • Target

      $_12_/extensions/[email protected]/content/tmplt.js

    • Size

      7KB

    • MD5

      ae6b7bb925f76c14e06cce500ebbc8ca

    • SHA1

      61630e438c7e659409b2629a78c25bd7d3295184

    • SHA256

      fe078bc40ffc977388a1f93d81858e901addbf2239bef51f5fe5f2a29fef5d64

    • SHA512

      95928919c84c65108f80c587218d568380071f099b93180d1883642cf51873deb740381afa58b1a38cb84641fad1e815b21b0a065f5bdc95e0f7d3c0edb9f62c

    • SSDEEP

      96:ZJpFZ7+xMkgTXM7qp3NDBPFrpR1pvAiz8v9JVXA96wDsdUslRydFkbsqBuu7hqTN:Z3F+MtXMep3xBPFrpbRzzNa5cybExaPC

    Score
    3/10
    • Target

      $_12_/extensions/[email protected]/defaults/preferences/instlPref.js

    • Size

      4B

    • MD5

      cb492b7df9b5c170d7c87527940eff3b

    • SHA1

      66928e6cbb59c3a3bce606959ef4a865fe04e642

    • SHA256

      dba5166ad9db9ba648c1032ebbd34dcd0d085b50023b839ef5c68ca1db93a563

    • SHA512

      ce677db6ae33c5496874a2902d30d361f6cf12576e96bd8a9f6626a0ca29f0b4f97e403e54711d24ebf34d4e183235a8f9951345d32a20f2dad476d911ee7e06

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

sality backdoor discovery evasion spyware stealer trojan upx
Score
10/10

behavioral2

sality backdoor discovery evasion spyware stealer trojan upx
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10