General

  • Target

    ed1be334095442a3c384665ed2700f28_JaffaCakes118

  • Size

    845KB

  • Sample

    241213-2xwkkssmel

  • MD5

    ed1be334095442a3c384665ed2700f28

  • SHA1

    4c2514b3f0d74ab88cec436546e02f6eca5d38f3

  • SHA256

    70ae687d884cfc2cb9314e2bf5251b2be18a8f49665ee828d91f5a3b7072fa7b

  • SHA512

    42db75829cd522a02e4cce8ca15dbf108f3b9a9e90e04ea54b87a914b7a4ebe48a5638baa35a157edb615fac7904fdd3162265967e5eabc3368a3d62b73ee464

  • SSDEEP

    12288:vhkDgouV+2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4axrSsdrjD8k054W4QdIlb:1RAJkcoQricOIQxiZY1iahSqPD7Wulb

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      ed1be334095442a3c384665ed2700f28_JaffaCakes118

    • Size

      845KB

    • MD5

      ed1be334095442a3c384665ed2700f28

    • SHA1

      4c2514b3f0d74ab88cec436546e02f6eca5d38f3

    • SHA256

      70ae687d884cfc2cb9314e2bf5251b2be18a8f49665ee828d91f5a3b7072fa7b

    • SHA512

      42db75829cd522a02e4cce8ca15dbf108f3b9a9e90e04ea54b87a914b7a4ebe48a5638baa35a157edb615fac7904fdd3162265967e5eabc3368a3d62b73ee464

    • SSDEEP

      12288:vhkDgouV+2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4axrSsdrjD8k054W4QdIlb:1RAJkcoQricOIQxiZY1iahSqPD7Wulb

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks