General
-
Target
f014f0c2253586d69d51202d776b3616_JaffaCakes118
-
Size
100KB
-
Sample
241214-wzqjfsskcl
-
MD5
f014f0c2253586d69d51202d776b3616
-
SHA1
b14e6bebf7353bf1835778b494cce99b59f58a67
-
SHA256
ef9b2222046c7da60398e69b1aada5c4816ab20180cc898b9079477f469bdba1
-
SHA512
9125ff882ecc6010d317c7406009f9c4a8a5e059f5708b6d71b3305841cdc6a189192d15c8fd017e24ddaeae5db8ab59b6780db29128cebf94faab32a37d2571
-
SSDEEP
3072:9OTOBP4K3mIH5N7N1CmbxEOueu3Eqg23Qh8lAv:9OyBJm2txDueuU8SeA
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
f014f0c2253586d69d51202d776b3616_JaffaCakes118
-
Size
100KB
-
MD5
f014f0c2253586d69d51202d776b3616
-
SHA1
b14e6bebf7353bf1835778b494cce99b59f58a67
-
SHA256
ef9b2222046c7da60398e69b1aada5c4816ab20180cc898b9079477f469bdba1
-
SHA512
9125ff882ecc6010d317c7406009f9c4a8a5e059f5708b6d71b3305841cdc6a189192d15c8fd017e24ddaeae5db8ab59b6780db29128cebf94faab32a37d2571
-
SSDEEP
3072:9OTOBP4K3mIH5N7N1CmbxEOueu3Eqg23Qh8lAv:9OyBJm2txDueuU8SeA
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5