General

Target: f42b5ff4ab691b9af3c72cdfda43d419_JaffaCakes118
Size: 234KB
Sample (analysis ID): 241215-qgf96swrhm
MD5: f42b5ff4ab691b9af3c72cdfda43d419
SHA1: 9759512749bdc88c0430b2e664e055f07e46f66b
SHA256: b1ea57d7569fec7d244810cb77a4bfe3220104afab20918febcd44743eeb7e2e
SHA512: ac478171a959eae1517043f8607790bec0840648ef96075d8882235b058ab2b44cc92e924e39108da82598b72a865c8775fcb20c4afefa97e2bc26693c9b2cb6
SSDEEP: 3072:m1GQp9T0SQmaEDqSpDZcYLWF95uiLztGtCTrHLgr:P23gIpUF95tzv3gr

Tasks

Static task: static1
Behavioral task: behavioral1
Sample (file): f42b5ff4ab691b9af3c72cdfda43d419_JaffaCakes118.exe
Resource (analysis VM): win7-20240729-en
Malware Config

Extracted
Family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
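The URLs from the extracted config and the file digests above are the indicators a responder would hunt for. The following is an added example, not part of the sandbox report: it turns the extracted URLs into host and full-URL indicators, scans proxy and DNS log lines for them, and identifies which of the report's digests an arbitrary hash string matches. The log line layout, the benign hostnames in the constructed lines, and the hit kinds (`c2_url`, `c2_host`, `dns`) are assumptions made for the example.

```python
"""Hunt for the indicators from the extracted Sality config and the sample
hashes in proxy/DNS logs.  Added example, not part of the sandbox report;
the log lines are constructed for the example, not real traffic."""
import re
from urllib.parse import urlparse

# Indicators copied from the report: extracted URLs and file digests.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
SAMPLE_HASHES = {
    "md5": "f42b5ff4ab691b9af3c72cdfda43d419",
    "sha1": "9759512749bdc88c0430b2e664e055f07e46f66b",
    "sha256": "b1ea57d7569fec7d244810cb77a4bfe3220104afab20918febcd44743eeb7e2e",
    "sha512": "ac478171a959eae1517043f8607790bec0840648ef96075d8882235b058ab2b4"
              "4cc92e924e39108da82598b72a865c8775fcb20c4afefa97e2bc26693c9b2cb6",
}

# Assumed log layouts (an assumption for this example, not a vendor format):
#   proxy: "<ts> <src_ip> <GET|POST|CONNECT> <url-or-host:port> <status>"
#   dns:   "<ts> <src_ip> DNS <qname>"
PROXY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>GET|POST|CONNECT) (?P<target>\S+) (?P<status>\d{3})$")
DNS_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) DNS (?P<qname>\S+)$")


def iocs_from_urls(urls):
    """Split the URLs into host indicators (hostnames and bare IPs, for DNS
    and CONNECT matching) and full-URL indicators (for exact proxy hits)."""
    hosts = {urlparse(u).hostname.lower() for u in urls}
    full = {u.lower() for u in urls}
    return hosts, full


def _host_of(target):
    """Hostname from a URL, or from a 'host:port' CONNECT target."""
    if "://" in target:
        return (urlparse(target).hostname or "").lower()
    return target.split(":", 1)[0].lower()


def match_line(line, hosts, full_urls):
    """Return a hit record for one log line, or None if it is clean.
    A full-URL hit is reported as 'c2_url', a host-only hit as 'c2_host',
    and a DNS query for one of the hosts as 'dns'."""
    m = PROXY_RE.match(line)
    if m:
        target = m.group("target").lower()
        if target in full_urls:
            return {"src": m.group("src"), "kind": "c2_url", "indicator": target}
        host = _host_of(target)
        if host in hosts:
            return {"src": m.group("src"), "kind": "c2_host", "indicator": host}
        return None
    m = DNS_RE.match(line)
    if m:
        qname = m.group("qname").lower().rstrip(".")  # drop the trailing root dot
        if qname in hosts:
            return {"src": m.group("src"), "kind": "dns", "indicator": qname}
    return None


def scan_log(lines, urls=C2_URLS):
    """Run every line through match_line and collect the hits in log order."""
    hosts, full = iocs_from_urls(urls)
    return [hit for hit in (match_line(line, hosts, full) for line in lines) if hit]


def match_hash(digest):
    """Name the report digest a hash string equals, or None.  Hashes pasted
    from other tools are often upper-case or padded, so normalise first."""
    d = digest.strip().lower()
    for algo, known in SAMPLE_HASHES.items():
        if d == known:
            return algo
    return None


# Constructed log lines for the example (not real traffic).
SAMPLE_LOG = """\
2024-12-15T10:01:02Z 10.0.0.5 GET http://example.com/index.html 200
2024-12-15T10:01:09Z 10.0.0.5 DNS kukutrustnet777.info.
2024-12-15T10:01:10Z 10.0.0.5 GET http://kukutrustnet777.info/home.gif 404
2024-12-15T10:02:30Z 10.0.0.7 GET http://89.119.67.154/testo5/ 200
2024-12-15T10:03:00Z 10.0.0.9 CONNECT kukutrustnet987.info:443 200
2024-12-15T10:03:05Z 10.0.0.9 GET http://89.119.67.154/other/ 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['src']}  {hit['kind']:8}  {hit['indicator']}")
    print(match_hash("F42B5FF4AB691B9AF3C72CDFDA43D419"))
```

Host-level matching matters because the IP in the first URL also appears in traffic to other paths, and a CONNECT line carries only host:port; matching the full URL alone would miss both. A hit on 89.119.67.154 with a different path is still worth triage, so it is reported as `c2_host` rather than dropped.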
Targets

Target: f42b5ff4ab691b9af3c72cdfda43d419_JaffaCakes118 (the file described under General)
Signatures
- Sality family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 1
  - Disable or Modify Tools (T1562.001): 1
- Modify Registry (T1112): 3