General
- Target: f9a350249a310ce63653875a12a703ce_JaffaCakes118
- Size: 100KB
- Sample: 241218-caqndaxmcz
- MD5: f9a350249a310ce63653875a12a703ce
- SHA1: 65ca7e61ab919fb97457bd2a2f07ba1de786eb9e
- SHA256: 151f04ef28b0cf021841ee84f228d9fc7e0f8844c0a392e0b3df3da3738da83f
- SHA512: b9ddd6cf6d19d3c2ff65b8507eb7c54a41e080ee8081ad7f298851abf24880c486f03dfcae490428c3539b78c51da1bb1b0e8dd943d46feb4282883232edaa46
- SSDEEP: 1536:iYxCqzE2LeT1wyVFZBmZvEqr6wVpGFAvVnt3XMKFPY7/iXI4x2JJZEAzq:ii3Eg8jBwJ65AvVnpMJ/iY4AJJ2Az
Static task: static1
Behavioral task: behavioral1
- Sample: f9a350249a310ce63653875a12a703ce_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
- Extracted: sality
Targets
- Target: f9a350249a310ce63653875a12a703ce_JaffaCakes118
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)