General
-
Target
bcc6b6f39f59654cf33d51b39af92517_JaffaCakes118
-
Size
3.0MB
-
Sample
240823-xhwvkszhlf
-
MD5
bcc6b6f39f59654cf33d51b39af92517
-
SHA1
d6017823ecf8fca085cec4cf37413067ba871655
-
SHA256
9a33c8c4758bb98773bb4e0aa39d94ef06de247eb6f133bf0db0d295d26ef4a7
-
SHA512
404d82ba77b5557de06dbf568c5685f25d2d3664ef51977087ec62cc74605f2b9c60687724acbbc53f01d45ca740d5cfba2aea619d454df1a7236bee2cee157b
-
SSDEEP
49152:Avu9tkKMMdmYIudhBpL5wG6NfcFw7dXHGCTncHnOJVFFf33i:nkKXDoLHLFf3S
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
bcc6b6f39f59654cf33d51b39af92517_JaffaCakes118
-
Size
3.0MB
-
MD5
bcc6b6f39f59654cf33d51b39af92517
-
SHA1
d6017823ecf8fca085cec4cf37413067ba871655
-
SHA256
9a33c8c4758bb98773bb4e0aa39d94ef06de247eb6f133bf0db0d295d26ef4a7
-
SHA512
404d82ba77b5557de06dbf568c5685f25d2d3664ef51977087ec62cc74605f2b9c60687724acbbc53f01d45ca740d5cfba2aea619d454df1a7236bee2cee157b
-
SSDEEP
49152:Avu9tkKMMdmYIudhBpL5wG6NfcFw7dXHGCTncHnOJVFFf33i:nkKXDoLHLFf3S
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2