General
-
Target
435bd45d28c5fe425dd21febfbe1a2d7_JaffaCakes118
-
Size
422KB
-
Sample
241014-v3pkws1cpj
-
MD5
435bd45d28c5fe425dd21febfbe1a2d7
-
SHA1
491762ce2213f16878b55108d2758753041a0fe1
-
SHA256
3424973fb80ae95fc5374bcc3fce55254e8338dc58c2a8bd97a63f3936d21f2c
-
SHA512
86eb8d747250d0cc6ffdbed4f5af56c909c148b12f9062c69cffa9954f258ece1826e13a2cec68ba40ed2f311d7f0a9fcd8b258cf5feaf9092a4ce27248d7b35
-
SSDEEP
12288:prr0mEfxPp2xhEdHORpR28h0z7/WhMr2VyvM+d:JS4Wdu528h6/WhMiYvM0
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
http://klkjwre77638dfqwieuoi888.info/
Targets
-
-
Target
435bd45d28c5fe425dd21febfbe1a2d7_JaffaCakes118
-
Size
422KB
-
MD5
435bd45d28c5fe425dd21febfbe1a2d7
-
SHA1
491762ce2213f16878b55108d2758753041a0fe1
-
SHA256
3424973fb80ae95fc5374bcc3fce55254e8338dc58c2a8bd97a63f3936d21f2c
-
SHA512
86eb8d747250d0cc6ffdbed4f5af56c909c148b12f9062c69cffa9954f258ece1826e13a2cec68ba40ed2f311d7f0a9fcd8b258cf5feaf9092a4ce27248d7b35
-
SSDEEP
12288:prr0mEfxPp2xhEdHORpR28h0z7/WhMr2VyvM+d:JS4Wdu528h6/WhMiYvM0
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5