General
-
Target
f27cee8243c7fb02820bb696434ddf7a_JaffaCakes118
-
Size
1.9MB
-
Sample
241215-f3xh6svpe1
-
MD5
f27cee8243c7fb02820bb696434ddf7a
-
SHA1
e59e81ddb54048c6780ad851423be2e9ca17f944
-
SHA256
2085f0ff4db0f32f394b5bc5265cd02553bdb60e09870b150d16e401a681e07f
-
SHA512
c5cbb6e96077cffaf826017f5c09a0508101c019e790bbb2f05fcc54e4d83a9b246d9f8c794d474f61547deff44f993472a1f7b574c516cb765273bab76e72a3
-
SSDEEP
12288:ft44anavi/9GJniw6U3Xq3gwUwoMTDU03ULgzyygn7iDE37f8evbSbhkXdL3q12d:2nannCUIzU8tUJywBf8GmbmXdL3E2So
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
f27cee8243c7fb02820bb696434ddf7a_JaffaCakes118
-
Size
1.9MB
-
MD5
f27cee8243c7fb02820bb696434ddf7a
-
SHA1
e59e81ddb54048c6780ad851423be2e9ca17f944
-
SHA256
2085f0ff4db0f32f394b5bc5265cd02553bdb60e09870b150d16e401a681e07f
-
SHA512
c5cbb6e96077cffaf826017f5c09a0508101c019e790bbb2f05fcc54e4d83a9b246d9f8c794d474f61547deff44f993472a1f7b574c516cb765273bab76e72a3
-
SSDEEP
12288:ft44anavi/9GJniw6U3Xq3gwUwoMTDU03ULgzyygn7iDE37f8evbSbhkXdL3q12d:2nannCUIzU8tUJywBf8GmbmXdL3E2So
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5