General
-
Target
d3aea1e5936e0f0ea6f8d05756dedce0_JaffaCakes118
-
Size
115KB
-
Sample
241207-z9nz6avjbw
-
MD5
d3aea1e5936e0f0ea6f8d05756dedce0
-
SHA1
0eab24fc1acdd36beab16c3b513467608730a6ee
-
SHA256
bdf331ed979380b1418d24759b633a1526e190f787b14a72b181b5503511155a
-
SHA512
f1694542eac5aab7df1cba88b905aedc19e463728ba1d009a9acc36f6dc4eb04c38fc247a16b7ce2412f4e4fb9ab8ccd2b727cc56f34ff3c5cf37ad4d3b0056f
-
SSDEEP
3072:5jJEnbppQmJtRDBVl5FNuHM56oYFE5PX/S:5w6MD15CshQExX/S
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
d3aea1e5936e0f0ea6f8d05756dedce0_JaffaCakes118
-
Size
115KB
-
MD5
d3aea1e5936e0f0ea6f8d05756dedce0
-
SHA1
0eab24fc1acdd36beab16c3b513467608730a6ee
-
SHA256
bdf331ed979380b1418d24759b633a1526e190f787b14a72b181b5503511155a
-
SHA512
f1694542eac5aab7df1cba88b905aedc19e463728ba1d009a9acc36f6dc4eb04c38fc247a16b7ce2412f4e4fb9ab8ccd2b727cc56f34ff3c5cf37ad4d3b0056f
-
SSDEEP
3072:5jJEnbppQmJtRDBVl5FNuHM56oYFE5PX/S:5w6MD15CshQExX/S
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5