General
-
Target
c2b4f37593471aefe399b5e3c94d1f01_JaffaCakes118
-
Size
170KB
-
Sample
241204-qkrkba1qfk
-
MD5
c2b4f37593471aefe399b5e3c94d1f01
-
SHA1
46fdf8e2ab68e67ee1e590ded1afb55b98f9133f
-
SHA256
a55ab3511618e2258367f7fd43edc3f6a5f0303f859776159b10ba225f687586
-
SHA512
d054d345e47515d1ee75bbdfdb30d0866abe47228782023136ada29def8dedcccffb339a3f00c64b716e9bf16ccc5391c1652cbb34a28aca8e5f253831563172
-
SSDEEP
3072:uAl8VrBKdvttDzZ6gzppaISjwEjTPOtcrTRxy/EF:h8yZjogP7gwEjTJrTRaq
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
c2b4f37593471aefe399b5e3c94d1f01_JaffaCakes118
-
Size
170KB
-
MD5
c2b4f37593471aefe399b5e3c94d1f01
-
SHA1
46fdf8e2ab68e67ee1e590ded1afb55b98f9133f
-
SHA256
a55ab3511618e2258367f7fd43edc3f6a5f0303f859776159b10ba225f687586
-
SHA512
d054d345e47515d1ee75bbdfdb30d0866abe47228782023136ada29def8dedcccffb339a3f00c64b716e9bf16ccc5391c1652cbb34a28aca8e5f253831563172
-
SSDEEP
3072:uAl8VrBKdvttDzZ6gzppaISjwEjTPOtcrTRxy/EF:h8yZjogP7gwEjTJrTRaq
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2