General

  • Target

    6b7b7e02845dcf494ba7d863d2c6f405_JaffaCakes118

  • Size

    131KB

  • Sample

    240724-n5574avejj

  • MD5

    6b7b7e02845dcf494ba7d863d2c6f405

  • SHA1

    25d6ddc32befca306701035812aab38a274d9602

  • SHA256

    dd7ca7da28e22a79895bfefd918e85fe6db830176b08eb541814cdae9e7ec5bc

  • SHA512

    a8520052506b15691a9280d081e3ffaead8cca438d45b45d24f22c65ff73bb81122247cf9f93d0739c71f346bec8ce3c2ad7f1f33b5fa6baab657ebe1d4c7cd4

  • SSDEEP

    1536:JxqjQ+P04wsmJCRIK5X6nh8O5h7i57m8P1GvBstWOI57zZiADyya8utKfBi2iDXm:sr85CRynWOEHastWPidyFutM02/

Malware Config

Extracted

Family

sality

C2

Targets

    • Detect Neshta payload

    • Modifies firewall policy service

    • Neshta

      Malware from the Neshta family injects itself into other executable files in order to spread and cause damage.

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Modifies system executable filetype association

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Windows security modification

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks