General
Target: fc0b2dbd730d97a497d749a79e542cff_JaffaCakes118
Size: 100KB
Sample: 241218-skvm3stjat
MD5: fc0b2dbd730d97a497d749a79e542cff
SHA1: 0198685357158e22a40bc3c011836594cefd8b21
SHA256: e2b1d856b2673b9fd15a20b8c8fa682002130ab9835ac6da38c4ce919cc8ff62
SHA512: cce9c1f49834c305547bd785bbff92510a718d9e900964bc600eb162592242ec276686f2a8bd127c41601ec6fd5cb72b2d17eae9c40aea2ac856397694f1ec78
SSDEEP: 3072:v3C+DR//PWdcwDk3+OsIThZRZn5drswTtgu:v3C+lPWdc13+Osw7n5do8C
Static task: static1
Behavioral task: behavioral1
Sample: fc0b2dbd730d97a497d749a79e542cff_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
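The hashes and the extracted Sality URLs above are the report's indicators. The following Python is an added example, not part of the report or of the sandbox's own tooling: it checks a local file against every listed digest (so you know you are looking at the same sample before trusting the rest of the report) and hunts the listed hosts in proxy log lines. The log line format and the sample lines are constructed for the example; the host list is derived directly from the URLs in the config.

```python
import hashlib
import re
from urllib.parse import urlparse

# Hashes of fc0b2dbd730d97a497d749a79e542cff_JaffaCakes118, copied from the report.
SAMPLE_HASHES = {
    "md5": "fc0b2dbd730d97a497d749a79e542cff",
    "sha1": "0198685357158e22a40bc3c011836594cefd8b21",
    "sha256": "e2b1d856b2673b9fd15a20b8c8fa682002130ab9835ac6da38c4ce919cc8ff62",
    "sha512": "cce9c1f49834c305547bd785bbff92510a718d9e900964bc600eb162592242ec276686f2a8bd127c41601ec6fd5cb72b2d17eae9c40aea2ac856397694f1ec78",
}

# URLs from the "Malware Config" section of the report.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]


def hash_bytes(data):
    """Compute every digest the report lists, so a local copy can be compared to it."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matches_sample(data):
    """Per-algorithm True/False: does this file match the report's hashes?"""
    digests = hash_bytes(data)
    return {algo: digests[algo] == expected for algo, expected in SAMPLE_HASHES.items()}


def network_indicators(urls=SALITY_URLS):
    """Hosts (IP or domain) to hunt for in proxy/DNS telemetry, derived from the URL list."""
    return {urlparse(u).hostname for u in urls}


# Constructed proxy log format for this example: "<ts> <client_ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$")


def find_c2_hits(log_lines, indicators=None):
    """Return one record per log line whose URL host exactly matches an indicator.

    Exact host matching is deliberate: a lookalike such as
    kukutrustnet777.info.example.net must not be reported as a hit."""
    indicators = indicators if indicators is not None else network_indicators()
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the whole hunt
        host = urlparse(m["url"]).hostname  # urlparse lower-cases the host for us
        if host and host in indicators:
            hits.append({"ts": m["ts"], "client": m["client"], "host": host, "url": m["url"]})
    return hits


# Constructed log lines (not real telemetry): two clients, one benign request,
# one upper-cased host, one lookalike domain and one malformed line.
SAMPLE_LOG = [
    "2024-12-18T10:01:02Z 10.0.0.15 GET http://www.example.com/index.html 200",
    "2024-12-18T10:01:05Z 10.0.0.15 GET http://kukutrustnet777.info/home.gif 200",
    "2024-12-18T10:01:06Z 10.0.0.15 GET http://89.119.67.154/testo5/ 404",
    "2024-12-18T10:01:09Z 10.0.0.22 GET http://KUKUTRUSTNET987.INFO/home.gif 200",
    "2024-12-18T10:01:11Z 10.0.0.22 GET http://kukutrustnet777.info.example.net/ 200",
    "malformed line without the expected fields",
]

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['host']} ({hit['url']})")
    print("matches report hashes:", matches_sample(b"not the sample"))
```

Against the constructed log this reports three hits (the two kukutrustnet requests and the raw-IP request) and ignores the lookalike domain. The hash check is deliberately all-or-nothing per algorithm: if only MD5 matches, you are not holding this sample.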
Targets
Target: fc0b2dbd730d97a497d749a79e542cff_JaffaCakes118
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
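The two signatures above (drive enumeration and a dropped autorun.inf) describe the removable-media spreading step. The following Python is an added triage check, not part of the report or of the sandbox: it enumerates mounted drive roots, looks for an autorun.inf on each, and pulls out the keys that would make Windows run something on mount (`open=`, `shellexecute=`, and `shell\<verb>\command=`), which is the path you then collect. The parser is deliberately tolerant of junk lines. The embedded autorun.inf is constructed for the example and is not the content dropped by this sample; drive enumeration only works on Windows and returns an empty list elsewhere.

```python
import os
import string

# Keys in the [autorun] section that make Windows run something when a volume is mounted.
EXEC_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Parse autorun.inf text into {section: {key: value}}.

    Section names and keys are lower-cased, and any line that is neither a
    section header nor key=value is skipped, because autorun.inf files written
    by malware are frequently padded with garbage to defeat naive parsers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # junk outside a section, or a non key=value line
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def execution_targets(text):
    """(key, value) pairs from [autorun] that cause code execution:
    open=, shellexecute=, and any shell\\<verb>\\command= entry."""
    autorun = parse_autorun(text).get("autorun", {})
    return [(k, v) for k, v in autorun.items()
            if k in EXEC_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))]


def drive_roots():
    """All mounted drive letters on Windows (the sample touches drives other than C:).
    Returns [] on other operating systems, where drive letters do not exist."""
    if os.name != "nt":
        return []
    return [f"{d}:\\" for d in string.ascii_uppercase if os.path.isdir(f"{d}:\\")]


def scan_roots(roots):
    """Report every volume root holding an autorun.inf together with its execution targets."""
    findings = []
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            findings.append({"root": root, "targets": execution_targets(fh.read())})
    return findings


# Constructed autorun.inf for this example (not the file dropped by the analysed sample).
SAMPLE_AUTORUN = """[AutoRun]
;constructed example
open=RECYCLER\\payload.exe
shell\\open\\command=RECYCLER\\payload.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
useautoplay=1
"""

if __name__ == "__main__":
    print("execution targets in constructed sample:", execution_targets(SAMPLE_AUTORUN))
    for finding in scan_roots(drive_roots()):
        print(finding["root"], finding["targets"])
```

Run from the suspect host, the last loop prints each drive that carries an autorun.inf and the binaries it points at; those paths are what you pull for hashing against the values in the General section.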
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 4
  - Disable or Modify System Firewall (T1562.004): 1
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5