General

Target: 8287e31b2b0818de95d3b5275a80f590_JaffaCakes118
Size: 1.4MB
Sample: 241031-kt4cksvfpf
MD5: 8287e31b2b0818de95d3b5275a80f590
SHA1: 7ce90a096a71f0ab419b9f1ddb0c21be4a44c8e6
SHA256: c872e64379225e0c90f893d16e6fb53ab29f3a37b446d6f0b9c018152b81d2c6
SHA512: f6d91a790f6f0fc1705317aa614adba44861eb3695dbd08a6fafd676706e2b4a3cbdfc3b62e1387bd722780942c9b605e0a617260d50794961f6d3200d3ad230
SSDEEP: 24576:qOMMncFWt5ZQnrAdSgsbbucwtU9LjTP5rT2/2fVawuG//Yx5Jp+joOOv:qrST4rAIbItUdfR2/2fMwD//Yx5WMv

Static task: static1
Behavioral task: behavioral1
Sample: 8287e31b2b0818de95d3b5275a80f590_JaffaCakes118.exe
Resource: win7-20241010-en

Malware Config

Extracted: sality
  http://89.119.67.154/testo5/
  http://kukutrustnet777.info/home.gif
  http://kukutrustnet888.info/home.gif
  http://kukutrustnet987.info/home.gif
Targets
- Sality family
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Modifies Windows Firewall
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (6)