General
-
Target
fa328a2383978adfdb982b8410687be8_JaffaCakes118
-
Size
766KB
-
Sample
241218-fnm17avrcj
-
MD5
fa328a2383978adfdb982b8410687be8
-
SHA1
b4c2ec3a08f35f0111ab3ed664d93eaa8fdc9a2f
-
SHA256
de254f422bc3931cf7b34cb98600400ab3a17aae766ea3849b2d4e663c2285db
-
SHA512
bb08aee9700004d158bc4e4445309d0241888e8d87728554004f654535b6710b74b9c0300924c702fa4af44edb1a7501ebc2e06441385141d962b687a0768923
-
SSDEEP
12288:fRObekMtkfohrPUs37uzHnA6zg5cIsalHERjUrNN/RQ9wgUT52DExycO0nKT0sWY:5ObekYkfohrP337uzHnA6cHswHE/6gUI
Static task
static1
Behavioral task
behavioral1
Sample
fa328a2383978adfdb982b8410687be8_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
fa328a2383978adfdb982b8410687be8_JaffaCakes118
-
Size
766KB
-
MD5
fa328a2383978adfdb982b8410687be8
-
SHA1
b4c2ec3a08f35f0111ab3ed664d93eaa8fdc9a2f
-
SHA256
de254f422bc3931cf7b34cb98600400ab3a17aae766ea3849b2d4e663c2285db
-
SHA512
bb08aee9700004d158bc4e4445309d0241888e8d87728554004f654535b6710b74b9c0300924c702fa4af44edb1a7501ebc2e06441385141d962b687a0768923
-
SSDEEP
12288:fRObekMtkfohrPUs37uzHnA6zg5cIsalHERjUrNN/RQ9wgUT52DExycO0nKT0sWY:5ObekYkfohrP337uzHnA6cHswHE/6gUI
-
Modifies firewall policy service
-
Sality family
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5