Overview

overview

10

Static

static

7

f0c17d413a...18.exe

windows7-x64

10

f0c17d413a...18.exe

windows10-2004-x64

10

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    f0c17d413afa1ef2dbf74836cdef7f57_JaffaCakes118

  • Size

    223KB

  • Sample

    240921-2l4f2syalc

  • MD5

    f0c17d413afa1ef2dbf74836cdef7f57

  • SHA1

    8cdeceff9d732d5e0832b6460897b87eb8d910ec

  • SHA256

    759d950e1ebe7b6914dd31c15868f08869fb1bdffd47825caee0e50dbfce2929

  • SHA512

    774a2bb5f71baf3f56238fe5f6c76612fc709edba17c4ceabb25713731e29846ff8922eb71bfc7d3c92e9ada19b30284328de62c4643d0164ca0642469ebeaca

  • SSDEEP

    6144:w4bh4HjFWxReGMCqpZ5Nmph5aPEvv5S+Ir:wO6ceGipVUv5S+0

Score
10/10
salitybackdoordiscoveryevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      f0c17d413afa1ef2dbf74836cdef7f57_JaffaCakes118

    • Size

      223KB

    • MD5

      f0c17d413afa1ef2dbf74836cdef7f57

    • SHA1

      8cdeceff9d732d5e0832b6460897b87eb8d910ec

    • SHA256

      759d950e1ebe7b6914dd31c15868f08869fb1bdffd47825caee0e50dbfce2929

    • SHA512

      774a2bb5f71baf3f56238fe5f6c76612fc709edba17c4ceabb25713731e29846ff8922eb71bfc7d3c92e9ada19b30284328de62c4643d0164ca0642469ebeaca

    • SSDEEP

      6144:w4bh4HjFWxReGMCqpZ5Nmph5aPEvv5S+Ir:wO6ceGipVUv5S+0

    Score
    10/10
    salitybackdoordiscoveryevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      27KB

    • MD5

      6f73b00aef6c49eac62128ef3eca677e

    • SHA1

      1b6aff67d570e5ee61af2376247590eb49b728a1

    • SHA256

      6eb09ce25c7fc62e44dc2f71761c6d60dd4b2d0c7d15e9651980525103aac0a9

    • SHA512

      678fc4bf7d345eeb99a3420ec7d0071eaba302845e93b48527d9a2a9c406709cc44ec74d6a889e25a8351a463803f8713a833df3a1707a5ad50db05240a32938

    • SSDEEP

      384:DZoRF0XXUuJReQg0Tw67ADWBTgmldIogUD3GLgFmyaX/fVYcWJQCDmrinogRdBl:DZaF0HtTwuz9yu3KgwRX1nWJ1q+noI

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      6e663f1a0de94bc05d64d020da5d6f36

    • SHA1

      c5abb0033776d6ab1f07e5b3568f7d64f90e5b04

    • SHA256

      458b70e1745dc6e768d2338ccf3e6e86436488954ca3763472d8ffec4e7177e4

    • SHA512

      2a037c39f3a08d4a80494227990f36c4fef2f73c4a6ad74dcc334317a1372234c25d08d8b80d79e126881a49fa4b3f2fffe3604c959d9ceceb47acc7192cc6a5

    • SSDEEP

      192:VsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5mj8ozxGUWumle:VsUHd9GN2d2iwl0impATIPdAj8Ov6

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      36KB

    • MD5

      1cc87d2b5a79b18f133b4f944e2f2f74

    • SHA1

      98e0ddb727c76e06be1668434d754e5b80a0c154

    • SHA256

      de1177a4bd1c56c3555f366d40b37d7dd9cb25e16c4973d0a4d22bf9a8af7aed

    • SHA512

      d8fee1c09fef9af4e1f38baaffa3a6d059713b14ecad900815c086cc22855644fcdeacd6bba31ea6e6925831e650f7b0d34e6dea4c57a978fb4f5bf0cd6d72a9

    • SSDEEP

      384:JLmJwO50x66T9JOpOUT38YZvml7xoKdyuwlx8xSiorppugBwUdJopS:JW50hJwwUTsXdPwxvtpDtdJo

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b9f430f71c7144d8ff4ab94be2785aa6

    • SHA1

      c5c1e153caff7ad1d221a9acc8bbb831f05ccb05

    • SHA256

      b496e81a74ce871236abcd096fb9a6b210b456bebaa7464fa844b3241e51a655

    • SHA512

      c7ce431b6a1493fd7d1fe1b1c823ad22b582c43c8eb2fb6a471c648dd9df9953277c89932c66afd598d43ea36f4a8602e84cd175115266943071cbc8ce204099

    • SSDEEP

      192:hClej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yOG:hCm2HgN4GbeWmbI4Eybogia7yO

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/TvGetVersion.dll

    • Size

      52KB

    • MD5

      d14463f96f8289dae95ad702638e3ea1

    • SHA1

      34d75662ed204569bed75de62de0b39610821589

    • SHA256

      e26e34e9f8425857827acaa59131448c0abab0ae2e2f0cebccd5191c81b84c70

    • SHA512

      1a9e9896da43b8c575b554f4a33887cdb0692cdc031820b4f7bce92c282995237298e0d2a3352f329abcacb04449ec14675eec65c7a55478f972247f24d6eecf

    • SSDEEP

      768:gmSu//P7Lkm3Mf+vU1MoT4S52kGRcZsFOO8YQh/tEyTReYfnaoyciGSQ+5HVth:gmSu//P7LkIvHKkoYQh1EJhrth

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      18KB

    • MD5

      113c5f02686d865bc9e8332350274fd1

    • SHA1

      4fa4414666f8091e327adb4d81a98a0d6e2e254a

    • SHA256

      0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

    • SHA512

      e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

    • SSDEEP

      192:5cdcpry0igQ1Ii1rzn6U4gbfW6irWP+vOg7XRSEi+OPLjte86jugnincl0Nr90Og:WqVibvTh4qnFP+OPEzinclP+

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      351b802508ee5462cbf7f35454a9dca6

    • SHA1

      7b9a1bc758e10af02124143680f636853b421da1

    • SHA256

      39275ee1767aac3ae0929a3e67a84a921610b45d5cfff3db1641893504d5c78d

    • SHA512

      6b0a4a500597fefaceb5eab79737d4f8dd253bb6bf8c263699314deda417763857b4407457d877b28f7a9c1f40a241d378ccae80c68541ff3f102eac8a6ff8d2

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      a272bc9b9df701ef76ed5faf08925b17

    • SHA1

      f2977303d12ba7af38dceb8e5e7ff1c15553211e

    • SHA256

      08b89132344dad1b0357ca0b442e9aaaff979e6a87b9603c19b86934f455285b

    • SHA512

      9ebb0c4b995309a40f1cee05967ef722972baa97b17194bb306fe7c01ea98c058d9485846c55e40601c17e7f2f73a8e5cd74cd9162a046fd4427dbfc7eb0501e

    • SSDEEP

      96:/6spqRy5AOEEQsh+WvDRH3spzQreUvhiT4uF3Telac1nIq4i:/Y0AOEMh+Wv9cZQKUvkTjlaB1nIqH

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      $PLUGINSDIR/nsisFirewall.dll

    • Size

      8KB

    • MD5

      f5bf81a102de52a4add21b8a367e54e0

    • SHA1

      cf1e76ffe4a3ecd4dad453112afd33624f16751c

    • SHA256

      53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

    • SHA512

      6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

    • SSDEEP

      96:8SMPv+eLDUDp+weLv2lstU+0IgNB2Aa20kdArfOwJKbFrMiRsuHdRYL:wnxLDUwp6sgN2RDrzJMMmsuYL

    Score
    3/10
    discovery
    behavioral19behavioral20

MITRE ATT&CK Enterprise v15

Tasks