Overview

overview

10

Static

static

3

ec534b1e47...18.exe

windows7-x64

10

ec534b1e47...18.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDIR/uac.dll

windows7-x64

3

$PLUGINSDIR/uac.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec534b1e4735cb1a5e433744f7d9afdc_JaffaCakes118

  • Size

    255KB

  • Sample

    241213-tmnszsvran

  • MD5

    ec534b1e4735cb1a5e433744f7d9afdc

  • SHA1

    315308e5c59147874ccf2fb715e7687b34a18a2a

  • SHA256

    deac8cda8716240891de34bbe884d239f10925955332be0a0507d247b076974f

  • SHA512

    02dae880c2a56714290674f48cd1985c7fd11791afc31a33dc2ef6fa9a6c20c443228779c030601c05240d001f83d5dd59ce644c36564b2843bb8fb779819887

  • SSDEEP

    6144:nmnIZJPXS3HF8ZJWGZ/f3rqqhVxnGMV+5T0OT5B1P0m:nmnwJP+HF8bWGZ/fbqQ/nxV+5T0O9B11

Score
10/10
salitybackdoordiscoveryevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      ec534b1e4735cb1a5e433744f7d9afdc_JaffaCakes118

    • Size

      255KB

    • MD5

      ec534b1e4735cb1a5e433744f7d9afdc

    • SHA1

      315308e5c59147874ccf2fb715e7687b34a18a2a

    • SHA256

      deac8cda8716240891de34bbe884d239f10925955332be0a0507d247b076974f

    • SHA512

      02dae880c2a56714290674f48cd1985c7fd11791afc31a33dc2ef6fa9a6c20c443228779c030601c05240d001f83d5dd59ce644c36564b2843bb8fb779819887

    • SSDEEP

      6144:nmnIZJPXS3HF8ZJWGZ/f3rqqhVxnGMV+5T0OT5B1P0m:nmnwJP+HF8bWGZ/fbqQ/nxV+5T0O9B11

    Score
    10/10
    salitybackdoordiscoveryevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • Sality family

      sality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      67d8f4d5acdb722e9cb7a99570b3ded1

    • SHA1

      f4a729ba77332325ea4dbdeea98b579f501fd26f

    • SHA256

      fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7

    • SHA512

      03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f

    • SSDEEP

      192:CsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5m78ozxGUWumle:CsUHd9GN2d2iwl0impATIPdA78Ov6

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      959ea64598b9a3e494c00e8fa793be7e

    • SHA1

      40f284a3b92c2f04b1038def79579d4b3d066ee0

    • SHA256

      03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    • SHA512

      5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    • SSDEEP

      192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      d16e06c5de8fb8213a0464568ed9852f

    • SHA1

      d063690dc0d2c824f714acb5c4bcede3aa193f03

    • SHA256

      728472ba312ae8af7f30d758ab473e0772477a68fcd1d2d547dafe6d8800d531

    • SHA512

      60502bb65d91a1a895f38bd0f070738152af58ffa4ac80bac3954aa8aad9fda9666e773988cbd00ce4741d2454bf5f2e0474ce8ea18cfe863ec4c36d09d1e27a

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      84KB

    • MD5

      fae3be7a9827eaa3ef9f43832805e110

    • SHA1

      0888a3ed318f17bf39e3c9af5848c965551b31a5

    • SHA256

      65aac0490feb6cb70ef76b39d3f08f61172dfce998fecf56a25c3f10d5c754a7

    • SHA512

      39d0496614a390c2e97636bd1d252c3cba8c0c28a7245f631cc7b7195bfe224cb176c97adbb92824df8db5e5340d5255171eabcac0da548385fed0d81578c6c2

    • SSDEEP

      1536:u8Cqsfjs/9/1EIilbXDlK3bvjcajr6SlbG:u8rsfj+99EIUXDobvAaySl6

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/uac.dll

    • Size

      16KB

    • MD5

      4e1c46e37af4b3ab0036cb1e85c81608

    • SHA1

      8424a551d819cdae44d95a80af24a502d7e25ac1

    • SHA256

      468d24e632789e5d2e740bf7b084d72e4e3784ebc19d77dfe4b3d866bec8d789

    • SHA512

      9a2e140238bc6e4492cfcd022930b4facb3ca61d498febce949b36b526ef5ab434d94d0811bf958f572d1cf141b4411fa7950551244926a93d69b68d8fd33df6

    • SSDEEP

      384:hY6sgOopYKegm5rDXLGt0NVHkGdeKjz3Ro:hYRgfYJgmFLdNVHkGd/z3R

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks