General

  • Target

    f9c81b8a5139063674255967114f54d2_JaffaCakes118

  • Size

    213KB

  • Sample

    241218-c591ha1jhm

  • MD5

    f9c81b8a5139063674255967114f54d2

  • SHA1

    b819e9f11ce38a5a062c6d80a31e74b5db69f56e

  • SHA256

    8c7bd2a1f8df671ec341342ca31082be1018f32f60e3ab62e6eb27869d665267

  • SHA512

    5251c6cfec9b91a3fce824b61528284074affa4f053ad0dca2d7fe50d7f0da7e42328269501adf0e642dfc65fb964af646b29e01c91102d00f02c0d14cea7163

  • SSDEEP

    6144:oB7F/YqVV7qEwL3WcL7XAVPKZ7l+uK2zt27l+1LkJeEk:oB5rV5FwTWc/8PW7lVX27lUkJy

Malware Config

Extracted

  • Family

    sality

  • C2

    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif
    http://www.klkjwre9fqwieluoi.info/
    http://kukutrustnet777888.info/

Targets

    • Target

      f9c81b8a5139063674255967114f54d2_JaffaCakes118

    • Size

      213KB

    • MD5

      f9c81b8a5139063674255967114f54d2

    • SHA1

      b819e9f11ce38a5a062c6d80a31e74b5db69f56e

    • SHA256

      8c7bd2a1f8df671ec341342ca31082be1018f32f60e3ab62e6eb27869d665267

    • SHA512

      5251c6cfec9b91a3fce824b61528284074affa4f053ad0dca2d7fe50d7f0da7e42328269501adf0e642dfc65fb964af646b29e01c91102d00f02c0d14cea7163

    • SSDEEP

      6144:oB7F/YqVV7qEwL3WcL7XAVPKZ7l+uK2zt27l+1LkJeEk:oB5rV5FwTWc/8PW7lVX27lUkJy

    • Target

      $PLUGINSDIR/System.dll

    • Size

      9KB

    • MD5

      ae182dc797cd9ad2c025066692fc041b

    • SHA1

      7ee5f057be9febfa77f698a1b12213a5bbdd4742

    • SHA256

      b214f6d6c4d27f749105f7e8846a7c2d475dbcc966876370b5a7dab6e4b8a471

    • SHA512

      2a9a200d067df47638a86f4f058c6d78fb59bd064c65650cae5022a62a3714e33f93f6af1dd599fda180d5af18f432835a1f909807f4fb459aa9d6c24e3fbab7

    • SSDEEP

      192:SVS+6oMnQ5TWgWsMI4R5Or5nQU39FmeknC:S56oMQ5TWlbI4RS/F8C

    • Score

      3/10

    • Target

      $PLUGINSDIR/unyt_bs.exe

    • Size

      181KB

    • MD5

      99f7727af44deab5018d9fe078de0082

    • SHA1

      ea16d5616445fd1acc5396a68dc3987f18966761

    • SHA256

      8d1f64a229c1054192fd6c349b0f78232d1a5976656d51df4b79ddd95ea63140

    • SHA512

      087f2112bd40d66fd25c8c11156999809747e534405064adb7e71a0f9438224f6dd6a93b3103afd5716edaaa424f7207956ba5d263ce1b8ef655115f936a388b

    • SSDEEP

      3072:SjJ+0zj7zguW6CIN8qVhX77W4X591wL3WcL7XwanUVPKWat2WIlhsOELkuhSUMGh:oB7F/YqVV7qEwL3WcL7XAVPKrt27l+1D

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX.

    • Target

      $PLUGINSDIR/InetLoad.dll

    • Size

      21KB

    • MD5

      c3a09178c2ac083be6b2230fe806779c

    • SHA1

      30cd61ac880d70124c9e4db9a3dbda96c8ddf708

    • SHA256

      a5d6ce0e726832447fe09c52bd3475626e878b21a84b407fd69e541eb3f1afb0

    • SHA512

      cc03f6f757f0ec63574a8c02b602de2d4a77819a48e318c3d6c43bdffcf587f55425d9744d25c0c51cb0f72242ae4dd94276c19336592b855487e3b2793c5b45

    • SSDEEP

      384:nNrOZTOthDtbSoI8ZdOegqY1TPrHE0dKyV1lpp7yPksyT:nNJDIsdOegqY1vk0dvFjT

    • Score

      3/10

    • Target

      $PLUGINSDIR/MoreInfo_U.dll

    • Size

      64KB

    • MD5

      bcbb3d47b901167a04ca309597384859

    • SHA1

      9e21d55fe18fddc4f6054c2ec6d1dd2ee79f6057

    • SHA256

      d77ef48fab0c91b6fa101786009ccaece4ae0767e1b3cd6269b845579f1310e2

    • SHA512

      370d25e82952f8bf5853ee1a5285bdc52e64995aa1b42c9f205f67c0426d526ee09a7c817b78877a1a391fbb62349f395906e0a48aac752f02094f4f901c7403

    • SSDEEP

      768:4dUibnu1u6HQiuqCX9rNYnjvtVDAOVYx/kQX0fIgkPZtbIsdRAU2UZ:5T1uyQxX90jvgmI8mwIgitEV2

    • Score

      3/10

    • Target

      $PLUGINSDIR/YExecShell.dll

    • Size

      2KB

    • MD5

      e92a6284042cbb30e52cb64d3355f1e7

    • SHA1

      c8d6ab39bb5ffaf7da78143103d5bfdaa146b91e

    • SHA256

      ce5f87a2080c8e6ca6ec1b9d11369b1a5554e8eb5d69672fc6e04bd6bc95fc05

    • SHA512

      32f5f2d10f13d62c501f44346879be8e116761510011daa391c3dd2e53a27f760f892b78de1ee31fb12563484fd1eca29675302ba900025d990f8cb7c3c111a8

    • Score

      3/10

    • Target

      $PLUGINSDIR/timet.dll

    • Size

      2KB

    • MD5

      29dd90a1a32084f30f99a12195009076

    • SHA1

      60bf8178ddff81fa471eeea724e9c3b6e9cb5e64

    • SHA256

      248b3209a1a3c7ec9a56df7a113b3a52f85f5c1d25e4a9b7778373121edef521

    • SHA512

      a812add8ec26dd382413105756f6fc734f1401487971bac31c16a89dac5fe01fbc4f5347c8251a6000e3466d5e10a67155747102c7b66811f51d5107c6f35134

    • Score

      3/10
