General

  • Target

    fa328a2383978adfdb982b8410687be8_JaffaCakes118

  • Size

    766KB

  • Sample

    241218-fnm17avrcj

  • MD5

    fa328a2383978adfdb982b8410687be8

  • SHA1

    b4c2ec3a08f35f0111ab3ed664d93eaa8fdc9a2f

  • SHA256

    de254f422bc3931cf7b34cb98600400ab3a17aae766ea3849b2d4e663c2285db

  • SHA512

    bb08aee9700004d158bc4e4445309d0241888e8d87728554004f654535b6710b74b9c0300924c702fa4af44edb1a7501ebc2e06441385141d962b687a0768923

  • SSDEEP

    12288:fRObekMtkfohrPUs37uzHnA6zg5cIsalHERjUrNN/RQ9wgUT52DExycO0nKT0sWY:5ObekYkfohrP337uzHnA6cHswHE/6gUI

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Windows security modification

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks