General
-
Target
e8c670494a31aec67e696d78ceeb1316_JaffaCakes118
-
Size
153KB
-
Sample
241212-3exkla1key
-
MD5
e8c670494a31aec67e696d78ceeb1316
-
SHA1
355dc433cdff0b7a2b61df0a8c421e2c0916ff41
-
SHA256
021aa7fb054b5f42c09df5d49e4c50251942749e5c35cbcd9afdd582d2c2cab6
-
SHA512
e1cae62f68ab042a8f2c4dccb10977827d315b5731649f688e0f7965aa56f2da161881130151689e80362e6459add7c710fa6ca98401dcf183c6e4e96da6fadb
-
SSDEEP
3072:723TS7hzP4bTr8VYezOMVlSF36g42eiPU131RbVoEhqdETCqCh0L:723TSJAbsVzVkFKgJs1/GEodpM
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
e8c670494a31aec67e696d78ceeb1316_JaffaCakes118
-
Size
153KB
-
MD5
e8c670494a31aec67e696d78ceeb1316
-
SHA1
355dc433cdff0b7a2b61df0a8c421e2c0916ff41
-
SHA256
021aa7fb054b5f42c09df5d49e4c50251942749e5c35cbcd9afdd582d2c2cab6
-
SHA512
e1cae62f68ab042a8f2c4dccb10977827d315b5731649f688e0f7965aa56f2da161881130151689e80362e6459add7c710fa6ca98401dcf183c6e4e96da6fadb
-
SSDEEP
3072:723TS7hzP4bTr8VYezOMVlSF36g42eiPU131RbVoEhqdETCqCh0L:723TSJAbsVzVkFKgJs1/GEodpM
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2