General
-
Target
72588cf4cddc23d91b156c3c75744934_JaffaCakes118
-
Size
206KB
-
Sample
240726-dgtjaasdjp
-
MD5
72588cf4cddc23d91b156c3c75744934
-
SHA1
7bf38b2df8b12984d816e6c61434c6b7267e1041
-
SHA256
df1d179fb5398be6e93b0f26feda3f857da51553a4a7d8d75b4c8b08ddc12eb7
-
SHA512
4292345d7affe71e0f8ec6a25c3707b325025e3a94fef2fb34d4dba43a408c16adcf0c256242f9efa66c7fb264a51effb033e06e3120c22030d24baf424f4e9d
-
SSDEEP
3072:vO7QUA9HJmzSqPrEA7Fh4lzZsUtU3vrULUdoudj17tyFI6Vr7jzN/fbO8EDj:L9HOF3V/wDmAI6VjzZC
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
72588cf4cddc23d91b156c3c75744934_JaffaCakes118
-
Size
206KB
-
MD5
72588cf4cddc23d91b156c3c75744934
-
SHA1
7bf38b2df8b12984d816e6c61434c6b7267e1041
-
SHA256
df1d179fb5398be6e93b0f26feda3f857da51553a4a7d8d75b4c8b08ddc12eb7
-
SHA512
4292345d7affe71e0f8ec6a25c3707b325025e3a94fef2fb34d4dba43a408c16adcf0c256242f9efa66c7fb264a51effb033e06e3120c22030d24baf424f4e9d
-
SSDEEP
3072:vO7QUA9HJmzSqPrEA7Fh4lzZsUtU3vrULUdoudj17tyFI6Vr7jzN/fbO8EDj:L9HOF3V/wDmAI6VjzZC
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5