General
Target: ee869e1ad96050dad4b9635e7e399322_JaffaCakes118
Size: 233KB
Sample: 240920-15agms1cje
MD5: ee869e1ad96050dad4b9635e7e399322
SHA1: 182015043cd53cde62769ecd99a426a5cd372964
SHA256: d1dd2de9716290eadd64c02e5aa88a9c16a45aabc632aea3f188aac136cea023
SHA512: 163c98375a9af3a7bd1a0d3bf3d0893dba186cf16beb0b63664e279bade276f27335939c5e9d4f8479dd9d5cc01b6137971c15ee33a4784e4cec3cb4a1d8b3cb
SSDEEP: 3072:5m1dls3oCVukHsG3k6gJzViXH725iQPXwo9THI8Kuq:K30oCVukHsEvIS725bwuHI8A
Static task: static1
Behavioral task: behavioral1
Sample: ee869e1ad96050dad4b9635e7e399322_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
sality
Targets
-
-
Target
ee869e1ad96050dad4b9635e7e399322_JaffaCakes118
-
Modifies firewall policy service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 4
Disable or Modify System Firewall: 1
Disable or Modify Tools: 3
Modify Registry: 5