General
-
Target
a2c688871791a442f671bf58781165e9_JaffaCakes118
-
Size
1.0MB
-
Sample
240817-q3qqqsydlh
-
MD5
a2c688871791a442f671bf58781165e9
-
SHA1
f9bb0492d513f016b3b8add6438f6992239931ae
-
SHA256
db29126030d3df106a8692664aa16eebcd484570a0d2dc84ed83e03fbae21edb
-
SHA512
a83cd8f48a8852d0c77709f087729f2d96e6e6a9c5a95f7a873a6acaeb16e522ad585a430f9a7205e5883bf85054a509a8f5fde0a91f3903e2a928a67bfb9e6c
-
SSDEEP
24576:7naIaWsxFJTCgae7DEdvOASOzqOIO2gX5evkS3rJQBtUkBgJ:7apDJTJDEZiOwXgJkinXBgJ
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
a2c688871791a442f671bf58781165e9_JaffaCakes118
-
Size
1.0MB
-
MD5
a2c688871791a442f671bf58781165e9
-
SHA1
f9bb0492d513f016b3b8add6438f6992239931ae
-
SHA256
db29126030d3df106a8692664aa16eebcd484570a0d2dc84ed83e03fbae21edb
-
SHA512
a83cd8f48a8852d0c77709f087729f2d96e6e6a9c5a95f7a873a6acaeb16e522ad585a430f9a7205e5883bf85054a509a8f5fde0a91f3903e2a928a67bfb9e6c
-
SSDEEP
24576:7naIaWsxFJTCgae7DEdvOASOzqOIO2gX5evkS3rJQBtUkBgJ:7apDJTJDEZiOwXgJkinXBgJ
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5