General

  • Target

    16d74f72935d863751d019917e32bf9c_JaffaCakes118

  • Size

    240KB

  • Sample

    241005-jwddhathnq

  • MD5

    16d74f72935d863751d019917e32bf9c

  • SHA1

    9f650e12b9f7905f4d210be7c50d359b600f955e

  • SHA256

    80ef9e6cc23d6a745c78ca09b9363255565b8d3dc02ab7bc6e83c95219f6c044

  • SHA512

    1bf11a10401e1ad5d4d69f69c68df8030738ceb8390bc553e7a1c3a3797d5825d29c31cf91671d8242b93d2d145e53001efe586ffdc5394b3beda3dae43af41c

  • SSDEEP

    6144:9Ta12CoCckAe8ABiO7AwnS35RTj21mPmJCOLqNV9Hw:Ck3duAw6THYmeJEV9Q

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      16d74f72935d863751d019917e32bf9c_JaffaCakes118

    • Size

      240KB

    • MD5

      16d74f72935d863751d019917e32bf9c

    • SHA1

      9f650e12b9f7905f4d210be7c50d359b600f955e

    • SHA256

      80ef9e6cc23d6a745c78ca09b9363255565b8d3dc02ab7bc6e83c95219f6c044

    • SHA512

      1bf11a10401e1ad5d4d69f69c68df8030738ceb8390bc553e7a1c3a3797d5825d29c31cf91671d8242b93d2d145e53001efe586ffdc5394b3beda3dae43af41c

    • SSDEEP

      6144:9Ta12CoCckAe8ABiO7AwnS35RTj21mPmJCOLqNV9Hw:Ck3duAw6THYmeJEV9Q

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks