General
Target: fc7274aad440ca7d679a24510650ddb1_JaffaCakes118
Size: 120KB
Sample: 241218-vwnd9awmcw
MD5: fc7274aad440ca7d679a24510650ddb1
SHA1: cb10c8a0891a4f0680bd7e9e53db91edb5e03afa
SHA256: a83307df0ab0118dc893590e6448f66983e0173df076e10f25a9d1c56a2fd952
SHA512: f645f4e10b3832b5e925d9c2be8fa7f1bdd66d6d1447e4b101574635ba99adc5a02b9ed62c458f04f8dd3939ec52e335d639bb5832d0832b795cfed494612f60
SSDEEP: 3072:Ye27jUGi+Ju9bWcOkD8Tq3r0mEPY8Ln8Vvy30:Ye27w+SOkYOvy
Static task: static1
Behavioral task: behavioral1
Sample: fc7274aad440ca7d679a24510650ddb1_JaffaCakes118.dll
Resource: win7-20240903-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Target: fc7274aad440ca7d679a24510650ddb1_JaffaCakes118
Size: 120KB
MD5: fc7274aad440ca7d679a24510650ddb1
SHA1: cb10c8a0891a4f0680bd7e9e53db91edb5e03afa
SHA256: a83307df0ab0118dc893590e6448f66983e0173df076e10f25a9d1c56a2fd952
SHA512: f645f4e10b3832b5e925d9c2be8fa7f1bdd66d6d1447e4b101574635ba99adc5a02b9ed62c458f04f8dd3939ec52e335d639bb5832d0832b795cfed494612f60
SSDEEP: 3072:Ye27jUGi+Ju9bWcOkD8Tq3r0mEPY8Ln8Vvy30:Ye27w+SOkYOvy
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)