Overview

overview

10

Static

static

3

d39dd3267b...18.exe

windows7-x64

3

d39dd3267b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d39dd3267bf68716de74aefb0d77be52_JaffaCakes118

  • Size

    136KB

  • Sample

    241207-zy7ywstmdy

  • MD5

    d39dd3267bf68716de74aefb0d77be52

  • SHA1

    2aa4e764bdd1cd582451dd7c16cd9b29b5831b03

  • SHA256

    e56a3676eafa628bcf4da91f427f251717ed1528636a52a96d15c0e8028e3742

  • SHA512

    9984b1bffdd946ffa15d6527f166afc086624b64878169806696089357c0797f03c587536911b2b2fb5750c11544c3e0c5aaaf93072f747cab82de327030d9f4

  • SSDEEP

    3072:OUSGRWweNizofJtSEhu6zyD3CJHF9WFnElFOL:SzweNJSquRD3QWmgL

Score
10/10
salitybackdoordiscoveryevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      d39dd3267bf68716de74aefb0d77be52_JaffaCakes118

    • Size

      136KB

    • MD5

      d39dd3267bf68716de74aefb0d77be52

    • SHA1

      2aa4e764bdd1cd582451dd7c16cd9b29b5831b03

    • SHA256

      e56a3676eafa628bcf4da91f427f251717ed1528636a52a96d15c0e8028e3742

    • SHA512

      9984b1bffdd946ffa15d6527f166afc086624b64878169806696089357c0797f03c587536911b2b2fb5750c11544c3e0c5aaaf93072f747cab82de327030d9f4

    • SSDEEP

      3072:OUSGRWweNizofJtSEhu6zyD3CJHF9WFnElFOL:SzweNJSquRD3QWmgL

    Score
    10/10
    discoverysalitybackdoorevasiontrojanupx

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • Sality family

      sality

    • UAC bypass

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks