General
-
Target
d7bf70b1f33c5b408bfda2784b697bca_JaffaCakes118
-
Size
236KB
-
Sample
241208-sv6hbsxmez
-
MD5
d7bf70b1f33c5b408bfda2784b697bca
-
SHA1
bba2138c4ae4a4e9a368ba500502a1cc54efe5a6
-
SHA256
d431a05c07dd6dee94731e5696a171ab8b608f401c51e6bb3d5156120d599859
-
SHA512
7673605f57d7d1d014163a48ce8302af839985b4e6e0a37079bcf411394f8283e47f73e806c3a9c41d595ae1afe8903d0daccb5d05f050e287cd31f2d9715a4e
-
SSDEEP
6144:A9Z/3yGFInROS3y8n9GjITSuH1anRCJF9VRy:OZ/CGFCROEfSuHjJFVy
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
d7bf70b1f33c5b408bfda2784b697bca_JaffaCakes118
-
Size
236KB
-
MD5
d7bf70b1f33c5b408bfda2784b697bca
-
SHA1
bba2138c4ae4a4e9a368ba500502a1cc54efe5a6
-
SHA256
d431a05c07dd6dee94731e5696a171ab8b608f401c51e6bb3d5156120d599859
-
SHA512
7673605f57d7d1d014163a48ce8302af839985b4e6e0a37079bcf411394f8283e47f73e806c3a9c41d595ae1afe8903d0daccb5d05f050e287cd31f2d9715a4e
-
SSDEEP
6144:A9Z/3yGFInROS3y8n9GjITSuH1anRCJF9VRy:OZ/CGFCROEfSuHjJFVy
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5