General

  • Target

    fc7274aad440ca7d679a24510650ddb1_JaffaCakes118

  • Size

    120KB

  • Sample

    241218-vwnd9awmcw

  • MD5

    fc7274aad440ca7d679a24510650ddb1

  • SHA1

    cb10c8a0891a4f0680bd7e9e53db91edb5e03afa

  • SHA256

    a83307df0ab0118dc893590e6448f66983e0173df076e10f25a9d1c56a2fd952

  • SHA512

    f645f4e10b3832b5e925d9c2be8fa7f1bdd66d6d1447e4b101574635ba99adc5a02b9ed62c458f04f8dd3939ec52e335d639bb5832d0832b795cfed494612f60

  • SSDEEP

    3072:Ye27jUGi+Ju9bWcOkD8Tq3r0mEPY8Ln8Vvy30:Ye27w+SOkYOvy

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      fc7274aad440ca7d679a24510650ddb1_JaffaCakes118

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks