General

  • Target

    82cd3d9649e66591e2dd15f33eb7bb6d_JaffaCakes118

  • Size

    332KB

  • Sample

    241031-nf32faxenn

  • MD5

    82cd3d9649e66591e2dd15f33eb7bb6d

  • SHA1

    7bc52e97d2353651bee51de0a1c76de4df4ea644

  • SHA256

    6b3afd1a2de718cac017ad20ea7394a38f9d5c833e3b29bda43893da8f869ad1

  • SHA512

    511265be0fb6f17085a9193aa019bf458dc17df69896be555fea7e629c057e8ae4c9c7ca1755728d1984c5d04efbefb5d173d41c5cf7cc85de6628ca6b105d79

  • SSDEEP

    6144:Pn95LIF8AJzCtA0vc+JkdjSZVRTGSlGxEeseMcGAVR0V:PjLIF92E+yBe4WyEejMcXWV

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      82cd3d9649e66591e2dd15f33eb7bb6d_JaffaCakes118


    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Windows security modification

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of UPX.

MITRE ATT&CK Enterprise v15

Tasks