Overview
General
Target: fbd8fb910405b7f7a6e1159e4e806d30_JaffaCakes118
Size: 3.3MB
Sample: 241218-rf2eds1qdv
MD5: fbd8fb910405b7f7a6e1159e4e806d30
SHA1: d10a1b21213af8f9230e6073a9303313eebe516d
SHA256: ebc228357437b98484efc94757a40fd3af4c0862d6968c451b88df34ead9bb9c
SHA512: 22b471a48b770dd7e12382541b54fa1f559c2bd9d8b0f4c3c1c0b1df06703b49ddb5fd3614502fa7e3255aaabd371574c8e55a6199aac8aecde21f12a76a318c
SSDEEP: 98304:95kwXP8PP7zRMdi581/i88zfYWSlOb6v5s:95kwe7zRT5Q/58zfYWSlE8s
Static task: static1
Behavioral tasks (sample, resource):
behavioral1: ZAWAJ/الزواج.pdf (win7-20240708-en)
behavioral2: ZAWAJ/الزواج.pdf (win10v2004-20241007-en)
behavioral3: ZAWAJ/القائمة 1.pdf (win7-20240729-en)
behavioral4: ZAWAJ/القائمة 1.pdf (win10v2004-20241007-en)
behavioral5: ZAWAJ/القائمة 2.pdf (win7-20240903-en)
behavioral6: ZAWAJ/القائمة 2.pdf (win10v2004-20241007-en)
behavioral7: ZAWAJ/القائمة 3.pdf (win7-20240903-en)
behavioral8: ZAWAJ/القائمة 3.pdf (win10v2004-20241007-en)
behavioral9: ZAWAJ/القائمة 4.pdf (win7-20240903-en)
behavioral10: ZAWAJ/القائمة 4.pdf (win10v2004-20241007-en)
behavioral11: ZAWAJ/القائمة 5.pdf (win7-20240903-en)
behavioral12: ZAWAJ/القائمة 5.pdf (win10v2004-20241007-en)
behavioral13: ZAWAJ/القائمة 6.pdf (win7-20240903-en)
behavioral14: ZAWAJ/القائمة 6.pdf (win10v2004-20241007-en)
behavioral15: ZAWAJ/سلفة الزواج.exe (win7-20241010-en)
Malware Config
Extracted family: sality
Targets

Target: ZAWAJ/الزواج.pdf
Size: 418KB
MD5: 836b3de13d7ea01495af1d049f07b69e
SHA1: 271d2b3c67702c788eac6f1c8b3079f8b3c3a675
SHA256: f3cedf45890bf6e5114a495f7c00df3d46e31d60296c04e57fe7ab7188c7cc5c
SHA512: ebbf052f288f78320f9868d695c331bf0b83b62fdeb06fab696fb5923c29f5cdd06c725f41d47cb0bff27dd9f722be48fd10608efc86d474a7d056d275ca7fba
SSDEEP: 12288:2KcLIEKA/KlzUnoX+JsQUsRC5b31wiojxmDhU:2bNU+JTcCiojxmDy
Score: 3/10

Target: ZAWAJ/القائمة 1.pdf
Size: 506KB
MD5: 21bb02f5b5acd8d46e81819da55cb926
SHA1: 3702ef8dacff28d6dd261c0263e771f8192039b2
SHA256: f577228b376a3c7b140eed0f7e7115824412db8e12639b23fe1bad53141400e1
SHA512: 77b0dd487e5dc040e6d308191d5f57dd939f9912a505d6ebeb71cf15c1e870390b8b841c779e52328ca69f22746b7754a98d11cb465adf4a8c6a6f1556e8cc2c
SSDEEP: 12288:EKvNzm3m2uxrRI2+yW9HEOSigpEgoRsdp1d+4NN799:EgzOCIZyW9HEOSilg37xL
Score: 3/10

Target: ZAWAJ/القائمة 2.pdf
Size: 588KB
MD5: 03ad9cb72c3da3cfdfa25c7091f1797b
SHA1: 3921fb22f063d98091aee19d060fddb045089386
SHA256: a98049917224d4c58807a8290ee4b612593d74909c825078eca2c26068345010
SHA512: 0850d4155f88935c3cdcedefea10dc444c42bc1b390804c458fabb0fbc78bb50ecbe0f80da0ecdd87bae683ad6cc8976aa8c6e9d5b9723e6c42e92a23edd19e4
SSDEEP: 12288:N4bXf8kZvIoBXy3ZgiEksEFog9E95PKlgBFUQxAWZuj:N4bEklIoQ3ZmkpoQEjPKlgBFUrWA
Score: 3/10

Target: ZAWAJ/القائمة 3.pdf
Size: 545KB
MD5: 44cd508a1b16e89e4f15890199ec29f1
SHA1: 6d05c49da668cdc217acea1d60f8c8172aa92f25
SHA256: d1bd1ae3e121f6c3dcdd2dfb11acd40744b3c4804f106b0ece207b2f63be6c19
SHA512: 0977cf98194a722200c82e5186ae92df02f367fb4e81237326a1e2aa1278ab9e4cdde95dc495832eebb26e9c15bf396f67157192e0a2455cb14337346ff9a9d8
SSDEEP: 12288:O6rtqMyHsWsdLGlPy8eCpshduSALsaRQV1g6HOEz:ZtcMWsdSo8rLS6saejg6u4
Score: 3/10

Target: ZAWAJ/القائمة 4.pdf
Size: 582KB
MD5: 29a41d132d60c7b2cb36a8e03d57f6a3
SHA1: b4868c666b16261f2332a11ad007a65dc2baf69b
SHA256: 4b842a672aacb5a51222c7d4e598891a40886bfb944296e733ea429a9e14a1f8
SHA512: 0e21f490e4f76d1fcafb105b6a04b824a44621f868822e5e3a23d280404ac6d42b57ee699d4241cb70572bd2293037384bad242b8b3b157893c1e2d50da47112
SSDEEP: 12288:c3ueGaZpBL9dnpHFU2aYT5m5DXrk7Ve1YArw8F:YuqZpBLY2mpJ1prZF
Score: 3/10

Target: ZAWAJ/القائمة 5.pdf
Size: 560KB
MD5: 2e25856df0d38d4848508cc7f584a072
SHA1: 658625f4b0d2b605293404e439784f4d17edcb38
SHA256: ac401cfff275a4c0d9c15160efb66fd54ee7f0b06360a558b9963ec5c9aa5b8b
SHA512: c85fbd913b8f823f5eba4aef9e73a4eee93400982baecb5c3771145786b9875ffe166bec3fd79893a62848d622c39818dc1bc32a51d32012b208dc2c7cebd21d
SSDEEP: 12288:P7pfME4fTwqQQFYNbkxjuZNfoVtAc8XXQ6g1hHFFWj:j1MEI8qDqUKoYc1JRFFWj
Score: 3/10

Target: ZAWAJ/القائمة 6.pdf
Size: 403KB
MD5: d660b276177022ae7a4c19f9406171ae
SHA1: a3af4f72c6a41f25f11af0f39662065b4ee19967
SHA256: e1e9b04eba99d5c65b761c49b7cec5ec2cfdd228b04ac420c826286c78a891cf
SHA512: eace6ec4c4a4d295e500302a9afaced7d641667abdee1db19d6f3298fea8561059da9d6fb39f384c77d573ba6f6a413e64feec5627321eadc33eaaeb877a4fd7
SSDEEP: 12288:atY26yyS5EbHZceQx/Sx09EKV3KVzQlWgV:sYBbrZcHSxDKVaV0ogV
Score: 3/10

Target: ZAWAJ/سلفة الزواج.exe
Size: 537KB
MD5: c3301e4d94470ba91c173a018bd1d98b
SHA1: 8304f283a74fbe6692f503253300d7103fe08a48
SHA256: 4169c47e80a359af9ebaf4387cb129a9636e6ce7914aceaada2b0e01bb6f4370
SHA512: a138cf2b5904b15e557eadfe53a81fd10abd946af6e917d125b28e39a5834dd57ba2f3583f84cd23d78549aab06474fd9f1f7442e82777ebb5365bc1af42edee
SSDEEP: 12288:uS1480yo7BuOFD7rgzUOcAQ5vXoBf2iy/6VwH8:uS28EtR3rtwQaICVX
- Modifies firewall policy service
- Sality family
- Blocks application from running via registry modification: adds application to list of disallowed applications.
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15 (technique counts in parentheses)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (7)