General
- Target: 8f02e3b225331fde3f03f5782b33960d_JaffaCakes118
- Size: 91KB
- Sample: 241104-eejfzatcrm
- MD5: 8f02e3b225331fde3f03f5782b33960d
- SHA1: 2bb40abb5163864cb4b9155958928840f7cec553
- SHA256: b23eb67f2a60e8eab81134c5f931c5076954fd4e667ca55354a30a761e531a77
- SHA512: 1c1cd2944ac62576521cf95237518bd74c613a2ce3c230155acddebc681e1fe68122f51068374d5d3ac568b295435491ff74f4063ff6af34ff1f76139358c8a7
- SSDEEP: 1536:9aqnNzHCL1xMk0LvmkhaYbdjB6D570hSbglaz4Hhzhopbk88xisZrlI2qCwW:TgH0KkgYbdADTaDYNkPZrlIAf
Behavioral task: behavioral1
- Sample: 8f02e3b225331fde3f03f5782b33960d_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 8f02e3b225331fde3f03f5782b33960d_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
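As an added example (not part of the sandbox report), the following Python turns the four extracted callback URLs into host indicators and sweeps a proxy log for them. The Squid-style column layout and the log lines are constructed for illustration; only the URLs come from the report. A hit is strong evidence of infection, but the reverse does not hold, because the extracted config covers only these HTTP callbacks. Note also that one callback is a bare IP literal, which will never show up in DNS query logs, so connection or proxy data is the right place to look.

```python
"""Turn the extracted Sality callback URLs into indicators and sweep a proxy log.

Added example, not part of the sandbox report. EXTRACTED_URLS are the four URLs
the report lists under "Malware Config"; the Squid-style log layout and the log
lines themselves are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

EXTRACTED_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


@dataclass(frozen=True)
class Indicator:
    host: str    # lower-cased hostname or IP literal
    path: str    # request path; "/testo5/" is directory-style, so prefix-matched
    is_ip: bool  # IP literals never appear in DNS logs; sweep connection/proxy data


def to_indicators(urls):
    """Normalise each callback URL into a host/path indicator."""
    out = []
    for u in urls:
        p = urlparse(u)
        host = p.hostname.lower()
        try:
            ipaddress.ip_address(host)
            is_ip = True
        except ValueError:
            is_ip = False
        out.append(Indicator(host, p.path or "/", is_ip))
    return out


# Squid access.log columns: ts elapsed client code/status bytes method url ...
_LOG_RE = re.compile(
    r"^\S+\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)")


def sweep_proxy_log(lines, indicators):
    """Every request whose host is a known callback. path_match records whether
    the exact endpoint from the config was requested; a host-only hit on the
    bare IP deserves a look at what else that address serves before escalating."""
    by_host = {}
    for ind in indicators:
        by_host.setdefault(ind.host, []).append(ind)
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        p = urlparse(m.group("url"))
        if not p.hostname or p.hostname.lower() not in by_host:
            continue
        host = p.hostname.lower()
        path_match = any((p.path or "/").startswith(i.path) for i in by_host[host])
        hits.append({"client": m.group("client"), "url": m.group("url"),
                     "host": host, "path_match": path_match})
    return hits


SAMPLE_LOG = [  # constructed lines, not from the report
    "1730700000.123 45 10.0.0.17 TCP_MISS/200 612 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.5 image/gif",
    "1730700001.456 30 10.0.0.17 TCP_MISS/404 380 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html",
    "1730700002.789 12 10.0.0.23 TCP_MISS/200 2048 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1730700003.001 18 10.0.0.23 TCP_MISS/200 501 GET http://kukutrustnet888.info.example.net/home.gif - HIER_DIRECT/198.51.100.9 image/gif",
    "1730700004.222 20 10.0.0.31 TCP_MISS/200 900 GET http://89.119.67.154/other/ - HIER_DIRECT/89.119.67.154 text/html",
]

if __name__ == "__main__":
    for h in sweep_proxy_log(SAMPLE_LOG, to_indicators(EXTRACTED_URLS)):
        print(h)
```

Hosts are compared exactly, so a look-alike such as kukutrustnet888.info.example.net does not match; extend `by_host` with a suffix check if your environment also wants subdomains of the listed domains.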
Targets
- Target: 8f02e3b225331fde3f03f5782b33960d_JaffaCakes118
- Sality family
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Modifies Windows Firewall
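The three behavioural signatures above are registry effects, so they can be re-derived from a sandbox's registry-write trace. The following Python is an added example, not the sandbox's own detection logic: the report names the behaviours but not the registry locations, so the Explorer policy key (DisableRegistryTools, DisableTaskMgr) and the SharedAccess FirewallPolicy key (EnableFirewall, AuthorizedApplications\List) used here are the standard Windows locations and are an assumption of this example, as are the constructed sample events.

```python
"""Map sandbox registry-write events to the report's behavioural signatures.

Added example, not the sandbox's own detection logic. The report names the
behaviours but not the registry locations; the paths below are the standard
Windows policy and firewall-service locations (an assumption), and the sample
events at the bottom are constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegWrite:
    key: str       # full key path with hive prefix, either slash style
    name: str      # value name
    data: object   # value data as the sandbox reported it (int or string)


def _norm(key):
    """Lower-case and collapse separators so HKCU/HKLM variants compare equally."""
    return re.sub(r"[\\/]+", "\\\\", key).strip("\\").lower()


def _as_int(data):
    """Accept 1, "1" or "0x00000001"; None when the data is not numeric."""
    if isinstance(data, int):
        return data
    try:
        return int(str(data).strip(), 0)
    except ValueError:
        return None


# Explorer policy key carrying DisableRegistryTools / DisableTaskMgr (HKCU or HKLM).
POLICY_SYSTEM = _norm(r"Microsoft\Windows\CurrentVersion\Policies\System")
# Windows Firewall service configuration; per-profile EnableFirewall and the
# AuthorizedApplications\List allow-list live beneath it.
FIREWALL_POLICY = _norm(r"Services\SharedAccess\Parameters\FirewallPolicy")

SIG_REGEDIT = "Disables RegEdit via registry modification"
SIG_TASKMGR = "Disables Task Manager via registry modification"
SIG_FIREWALL = "Modifies Windows Firewall"


def classify(write):
    """Return the report signature one write would fire, or None."""
    key = _norm(write.key)
    name = write.name.lower()
    if key.endswith(POLICY_SYSTEM):
        if name == "disableregistrytools" and _as_int(write.data) == 1:
            return SIG_REGEDIT
        if name == "disabletaskmgr" and _as_int(write.data) == 1:
            return SIG_TASKMGR
    if FIREWALL_POLICY in key:
        if name == "enablefirewall" and _as_int(write.data) == 0:
            return SIG_FIREWALL
        if key.endswith("authorizedapplications\\list"):
            return SIG_FIREWALL          # new allow-list entry
    return None


def triage(writes):
    """Distinct signatures fired by a run, in order of first appearance."""
    fired = []
    for w in writes:
        sig = classify(w)
        if sig and sig not in fired:
            fired.append(sig)
    return fired


# Constructed events in the shape a sandbox registry trace would give; the
# executable path in the allow-list entry is a placeholder, not from the report.
SAMPLE_WRITES = [
    RegWrite(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System",
             "DisableRegistryTools", 1),
    RegWrite(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System",
             "DisableTaskMgr", "0x00000001"),
    RegWrite(r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
             r"\FirewallPolicy\StandardProfile", "EnableFirewall", 0),
    RegWrite(r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
             r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List",
             r"C:\placeholder\sample.exe", r"C:\placeholder\sample.exe:*:Enabled:sample"),
    # Not among the report's signatures: an ordinary Run-key entry and a write
    # that re-enables Task Manager.
    RegWrite(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
             r"C:\placeholder\u.exe"),
    RegWrite(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System",
             "DisableTaskMgr", 0),
]

if __name__ == "__main__":
    for sig in triage(SAMPLE_WRITES):
        print(sig)
```

Because the checks test the written value and not just the key, a write that sets DisableTaskMgr back to 0 is not flagged, which keeps remediation scripts from tripping the same rule.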
MITRE ATT&CK Enterprise v15 (number in square brackets is the signature hit count for that technique)
Persistence
- Create or Modify System Process (T1543) [1]
  - Windows Service (T1543.003) [1]
- Event Triggered Execution (T1546) [1]
  - Netsh Helper DLL (T1546.007) [1]
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548) [1]
  - Bypass User Account Control (T1548.002) [1]
- Create or Modify System Process (T1543) [1]
  - Windows Service (T1543.003) [1]
- Event Triggered Execution (T1546) [1]
  - Netsh Helper DLL (T1546.007) [1]
Defense Evasion
- Abuse Elevation Control Mechanism (T1548) [1]
  - Bypass User Account Control (T1548.002) [1]
- Impair Defenses (T1562) [4]
  - Disable or Modify System Firewall (T1562.004) [1]
  - Disable or Modify Tools (T1562.001) [3]
- Modify Registry (T1112) [4]