Overview

Overall score: 10/10

Per-task scores (names as truncated on the page):
  Static (static): 3/10
  f9c81b8a51...18.exe (windows7-x64): 10/10
  f9c81b8a51...18.exe (windows10-2004-x64): 10/10
  $PLUGINSDI...em.dll (windows7-x64): 3/10
  $PLUGINSDI...em.dll (windows10-2004-x64): 3/10
  $PLUGINSDI...bs.exe (windows7-x64): 10/10
  $PLUGINSDI...bs.exe (windows10-2004-x64): 10/10
  $PLUGINSDI...ad.dll (windows7-x64): 3/10
  $PLUGINSDI...ad.dll (windows10-2004-x64): 3/10
  $PLUGINSDI..._U.dll (windows7-x64): 3/10
  $PLUGINSDI..._U.dll (windows10-2004-x64): 3/10
  $PLUGINSDI...em.dll (windows7-x64): 3/10
  $PLUGINSDI...em.dll (windows10-2004-x64): 3/10
  $PLUGINSDI...ll.dll (windows7-x64): 3/10
  $PLUGINSDI...ll.dll (windows10-2004-x64): 3/10
  $PLUGINSDIR/timet.dll (windows7-x64): 3/10
  $PLUGINSDIR/timet.dll (windows10-2004-x64): 3/10

General

Target: f9c81b8a5139063674255967114f54d2_JaffaCakes118
Size: 213KB
Sample: 241218-c591ha1jhm
MD5: f9c81b8a5139063674255967114f54d2
SHA1: b819e9f11ce38a5a062c6d80a31e74b5db69f56e
SHA256: 8c7bd2a1f8df671ec341342ca31082be1018f32f60e3ab62e6eb27869d665267
SHA512: 5251c6cfec9b91a3fce824b61528284074affa4f053ad0dca2d7fe50d7f0da7e42328269501adf0e642dfc65fb964af646b29e01c91102d00f02c0d14cea7163
SSDEEP: 6144:oB7F/YqVV7qEwL3WcL7XAVPKZ7l+uK2zt27l+1LkJeEk:oB5rV5FwTWc/8PW7lVX27lUkJy
Tasks

Static task: static1

Behavioral tasks (task, sample, resource):
  behavioral1   f9c81b8a5139063674255967114f54d2_JaffaCakes118.exe   win7-20240903-en
  behavioral2   f9c81b8a5139063674255967114f54d2_JaffaCakes118.exe   win10v2004-20241007-en
  behavioral3   $PLUGINSDIR/System.dll                               win7-20241010-en
  behavioral4   $PLUGINSDIR/System.dll                               win10v2004-20241007-en
  behavioral5   $PLUGINSDIR/unyt_bs.exe                              win7-20240903-en
  behavioral6   $PLUGINSDIR/unyt_bs.exe                              win10v2004-20241007-en
  behavioral7   $PLUGINSDIR/InetLoad.dll                             win7-20240903-en
  behavioral8   $PLUGINSDIR/InetLoad.dll                             win10v2004-20241007-en
  behavioral9   $PLUGINSDIR/MoreInfo_U.dll                           win7-20240903-en
  behavioral10  $PLUGINSDIR/MoreInfo_U.dll                           win10v2004-20241007-en
  behavioral11  $PLUGINSDIR/System.dll                               win7-20240903-en
  behavioral12  $PLUGINSDIR/System.dll                               win10v2004-20241007-en
  behavioral13  $PLUGINSDIR/YExecShell.dll                           win7-20240903-en
  behavioral14  $PLUGINSDIR/YExecShell.dll                           win10v2004-20241007-en
  behavioral15  $PLUGINSDIR/timet.dll                                win7-20240729-en
  behavioral16  $PLUGINSDIR/timet.dll                                win10v2004-20241007-en
Malware Config

Extracted family: sality

Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets

Target: f9c81b8a5139063674255967114f54d2_JaffaCakes118
Size: 213KB
MD5: f9c81b8a5139063674255967114f54d2
SHA1: b819e9f11ce38a5a062c6d80a31e74b5db69f56e
SHA256: 8c7bd2a1f8df671ec341342ca31082be1018f32f60e3ab62e6eb27869d665267
SHA512: 5251c6cfec9b91a3fce824b61528284074affa4f053ad0dca2d7fe50d7f0da7e42328269501adf0e642dfc65fb964af646b29e01c91102d00f02c0d14cea7163
SSDEEP: 6144:oB7F/YqVV7qEwL3WcL7XAVPKZ7l+uK2zt27l+1LkJeEk:oB5rV5FwTWc/8PW7lVX27lUkJy
Signatures:
- Modifies firewall policy service
- Sality family
- Loads dropped DLL

Target: $PLUGINSDIR/System.dll
Size: 9KB
MD5: ae182dc797cd9ad2c025066692fc041b
SHA1: 7ee5f057be9febfa77f698a1b12213a5bbdd4742
SHA256: b214f6d6c4d27f749105f7e8846a7c2d475dbcc966876370b5a7dab6e4b8a471
SHA512: 2a9a200d067df47638a86f4f058c6d78fb59bd064c65650cae5022a62a3714e33f93f6af1dd599fda180d5af18f432835a1f909807f4fb459aa9d6c24e3fbab7
SSDEEP: 192:SVS+6oMnQ5TWgWsMI4R5Or5nQU39FmeknC:S56oMQ5TWlbI4RS/F8C
Score: 3/10

Target: $PLUGINSDIR/unyt_bs.exe
Size: 181KB
MD5: 99f7727af44deab5018d9fe078de0082
SHA1: ea16d5616445fd1acc5396a68dc3987f18966761
SHA256: 8d1f64a229c1054192fd6c349b0f78232d1a5976656d51df4b79ddd95ea63140
SHA512: 087f2112bd40d66fd25c8c11156999809747e534405064adb7e71a0f9438224f6dd6a93b3103afd5716edaaa424f7207956ba5d263ce1b8ef655115f936a388b
SSDEEP: 3072:SjJ+0zj7zguW6CIN8qVhX77W4X591wL3WcL7XwanUVPKWat2WIlhsOELkuhSUMGh:oB7F/YqVV7qEwL3WcL7XAVPKrt27l+1D
Signatures:
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.

Target: $PLUGINSDIR/InetLoad.dll
Size: 21KB
MD5: c3a09178c2ac083be6b2230fe806779c
SHA1: 30cd61ac880d70124c9e4db9a3dbda96c8ddf708
SHA256: a5d6ce0e726832447fe09c52bd3475626e878b21a84b407fd69e541eb3f1afb0
SHA512: cc03f6f757f0ec63574a8c02b602de2d4a77819a48e318c3d6c43bdffcf587f55425d9744d25c0c51cb0f72242ae4dd94276c19336592b855487e3b2793c5b45
SSDEEP: 384:nNrOZTOthDtbSoI8ZdOegqY1TPrHE0dKyV1lpp7yPksyT:nNJDIsdOegqY1vk0dvFjT
Score: 3/10

Target: $PLUGINSDIR/MoreInfo_U.dll
Size: 64KB
MD5: bcbb3d47b901167a04ca309597384859
SHA1: 9e21d55fe18fddc4f6054c2ec6d1dd2ee79f6057
SHA256: d77ef48fab0c91b6fa101786009ccaece4ae0767e1b3cd6269b845579f1310e2
SHA512: 370d25e82952f8bf5853ee1a5285bdc52e64995aa1b42c9f205f67c0426d526ee09a7c817b78877a1a391fbb62349f395906e0a48aac752f02094f4f901c7403
SSDEEP: 768:4dUibnu1u6HQiuqCX9rNYnjvtVDAOVYx/kQX0fIgkPZtbIsdRAU2UZ:5T1uyQxX90jvgmI8mwIgitEV2
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 9KB
MD5: ae182dc797cd9ad2c025066692fc041b
SHA1: 7ee5f057be9febfa77f698a1b12213a5bbdd4742
SHA256: b214f6d6c4d27f749105f7e8846a7c2d475dbcc966876370b5a7dab6e4b8a471
SHA512: 2a9a200d067df47638a86f4f058c6d78fb59bd064c65650cae5022a62a3714e33f93f6af1dd599fda180d5af18f432835a1f909807f4fb459aa9d6c24e3fbab7
SSDEEP: 192:SVS+6oMnQ5TWgWsMI4R5Or5nQU39FmeknC:S56oMQ5TWlbI4RS/F8C
Score: 3/10

Target: $PLUGINSDIR/YExecShell.dll
Size: 2KB
MD5: e92a6284042cbb30e52cb64d3355f1e7
SHA1: c8d6ab39bb5ffaf7da78143103d5bfdaa146b91e
SHA256: ce5f87a2080c8e6ca6ec1b9d11369b1a5554e8eb5d69672fc6e04bd6bc95fc05
SHA512: 32f5f2d10f13d62c501f44346879be8e116761510011daa391c3dd2e53a27f760f892b78de1ee31fb12563484fd1eca29675302ba900025d990f8cb7c3c111a8
Score: 3/10

Target: $PLUGINSDIR/timet.dll
Size: 2KB
MD5: 29dd90a1a32084f30f99a12195009076
SHA1: 60bf8178ddff81fa471eeea724e9c3b6e9cb5e64
SHA256: 248b3209a1a3c7ec9a56df7a113b3a52f85f5c1d25e4a9b7778373121edef521
SHA512: a812add8ec26dd382413105756f6fc734f1401487971bac31c16a89dac5fe01fbc4f5347c8251a6000e3466d5e10a67155747102c7b66811f51d5107c6f35134
Score: 3/10
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)