General

  • Target

    fbd8fb910405b7f7a6e1159e4e806d30_JaffaCakes118

  • Size

    3.3MB

  • Sample

    241218-rf2eds1qdv

  • MD5

    fbd8fb910405b7f7a6e1159e4e806d30

  • SHA1

    d10a1b21213af8f9230e6073a9303313eebe516d

  • SHA256

    ebc228357437b98484efc94757a40fd3af4c0862d6968c451b88df34ead9bb9c

  • SHA512

    22b471a48b770dd7e12382541b54fa1f559c2bd9d8b0f4c3c1c0b1df06703b49ddb5fd3614502fa7e3255aaabd371574c8e55a6199aac8aecde21f12a76a318c

  • SSDEEP

    98304:95kwXP8PP7zRMdi581/i88zfYWSlOb6v5s:95kwe7zRT5Q/58zfYWSlE8s

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      ZAWAJ/الزواج.pdf

    • Size

      418KB

    • MD5

      836b3de13d7ea01495af1d049f07b69e

    • SHA1

      271d2b3c67702c788eac6f1c8b3079f8b3c3a675

    • SHA256

      f3cedf45890bf6e5114a495f7c00df3d46e31d60296c04e57fe7ab7188c7cc5c

    • SHA512

      ebbf052f288f78320f9868d695c331bf0b83b62fdeb06fab696fb5923c29f5cdd06c725f41d47cb0bff27dd9f722be48fd10608efc86d474a7d056d275ca7fba

    • SSDEEP

      12288:2KcLIEKA/KlzUnoX+JsQUsRC5b31wiojxmDhU:2bNU+JTcCiojxmDy

    Score
    3/10

    • Target

      ZAWAJ/القائمة 1.pdf

    • Size

      506KB

    • MD5

      21bb02f5b5acd8d46e81819da55cb926

    • SHA1

      3702ef8dacff28d6dd261c0263e771f8192039b2

    • SHA256

      f577228b376a3c7b140eed0f7e7115824412db8e12639b23fe1bad53141400e1

    • SHA512

      77b0dd487e5dc040e6d308191d5f57dd939f9912a505d6ebeb71cf15c1e870390b8b841c779e52328ca69f22746b7754a98d11cb465adf4a8c6a6f1556e8cc2c

    • SSDEEP

      12288:EKvNzm3m2uxrRI2+yW9HEOSigpEgoRsdp1d+4NN799:EgzOCIZyW9HEOSilg37xL

    Score
    3/10

    • Target

      ZAWAJ/القائمة 2.pdf

    • Size

      588KB

    • MD5

      03ad9cb72c3da3cfdfa25c7091f1797b

    • SHA1

      3921fb22f063d98091aee19d060fddb045089386

    • SHA256

      a98049917224d4c58807a8290ee4b612593d74909c825078eca2c26068345010

    • SHA512

      0850d4155f88935c3cdcedefea10dc444c42bc1b390804c458fabb0fbc78bb50ecbe0f80da0ecdd87bae683ad6cc8976aa8c6e9d5b9723e6c42e92a23edd19e4

    • SSDEEP

      12288:N4bXf8kZvIoBXy3ZgiEksEFog9E95PKlgBFUQxAWZuj:N4bEklIoQ3ZmkpoQEjPKlgBFUrWA

    Score
    3/10

    • Target

      ZAWAJ/القائمة 3.pdf

    • Size

      545KB

    • MD5

      44cd508a1b16e89e4f15890199ec29f1

    • SHA1

      6d05c49da668cdc217acea1d60f8c8172aa92f25

    • SHA256

      d1bd1ae3e121f6c3dcdd2dfb11acd40744b3c4804f106b0ece207b2f63be6c19

    • SHA512

      0977cf98194a722200c82e5186ae92df02f367fb4e81237326a1e2aa1278ab9e4cdde95dc495832eebb26e9c15bf396f67157192e0a2455cb14337346ff9a9d8

    • SSDEEP

      12288:O6rtqMyHsWsdLGlPy8eCpshduSALsaRQV1g6HOEz:ZtcMWsdSo8rLS6saejg6u4

    Score
    3/10

    • Target

      ZAWAJ/القائمة 4.pdf

    • Size

      582KB

    • MD5

      29a41d132d60c7b2cb36a8e03d57f6a3

    • SHA1

      b4868c666b16261f2332a11ad007a65dc2baf69b

    • SHA256

      4b842a672aacb5a51222c7d4e598891a40886bfb944296e733ea429a9e14a1f8

    • SHA512

      0e21f490e4f76d1fcafb105b6a04b824a44621f868822e5e3a23d280404ac6d42b57ee699d4241cb70572bd2293037384bad242b8b3b157893c1e2d50da47112

    • SSDEEP

      12288:c3ueGaZpBL9dnpHFU2aYT5m5DXrk7Ve1YArw8F:YuqZpBLY2mpJ1prZF

    Score
    3/10

    • Target

      ZAWAJ/القائمة 5.pdf

    • Size

      560KB

    • MD5

      2e25856df0d38d4848508cc7f584a072

    • SHA1

      658625f4b0d2b605293404e439784f4d17edcb38

    • SHA256

      ac401cfff275a4c0d9c15160efb66fd54ee7f0b06360a558b9963ec5c9aa5b8b

    • SHA512

      c85fbd913b8f823f5eba4aef9e73a4eee93400982baecb5c3771145786b9875ffe166bec3fd79893a62848d622c39818dc1bc32a51d32012b208dc2c7cebd21d

    • SSDEEP

      12288:P7pfME4fTwqQQFYNbkxjuZNfoVtAc8XXQ6g1hHFFWj:j1MEI8qDqUKoYc1JRFFWj

    Score
    3/10

    • Target

      ZAWAJ/القائمة 6.pdf

    • Size

      403KB

    • MD5

      d660b276177022ae7a4c19f9406171ae

    • SHA1

      a3af4f72c6a41f25f11af0f39662065b4ee19967

    • SHA256

      e1e9b04eba99d5c65b761c49b7cec5ec2cfdd228b04ac420c826286c78a891cf

    • SHA512

      eace6ec4c4a4d295e500302a9afaced7d641667abdee1db19d6f3298fea8561059da9d6fb39f384c77d573ba6f6a413e64feec5627321eadc33eaaeb877a4fd7

    • SSDEEP

      12288:atY26yyS5EbHZceQx/Sx09EKV3KVzQlWgV:sYBbrZcHSxDKVaV0ogV

    Score
    3/10

    • Target

      ZAWAJ/سلفة الزواج.exe

    • Size

      537KB

    • MD5

      c3301e4d94470ba91c173a018bd1d98b

    • SHA1

      8304f283a74fbe6692f503253300d7103fe08a48

    • SHA256

      4169c47e80a359af9ebaf4387cb129a9636e6ce7914aceaada2b0e01bb6f4370

    • SHA512

      a138cf2b5904b15e557eadfe53a81fd10abd946af6e917d125b28e39a5834dd57ba2f3583f84cd23d78549aab06474fd9f1f7442e82777ebb5365bc1af42edee

    • SSDEEP

      12288:uS1480yo7BuOFD7rgzUOcAQ5vXoBf2iy/6VwH8:uS28EtR3rtwQaICVX

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks