General

  • Target

    fc905307c1448a878eea71170365a7d0_JaffaCakes118

  • Size

    152KB

  • Sample

    241218-wjhtnsxjcz

  • MD5

    fc905307c1448a878eea71170365a7d0

  • SHA1

    a2e021add1e73667f5a9777a8f318d90f493569d

  • SHA256

    a98187537d1e261ebe90e04957fc956dc8b5cbee956f6c1e5cfb24be462d8668

  • SHA512

    816235abe8fe78852d346857b9f968253285d1dc9e094515feb4fb2dccba157644a51ca26e82c38c3063cadbcaa5ec9d72fbadd7d4de3205a67762916035822a

  • SSDEEP

    3072:QvnBaaWJ89cnN5eo749OJo9VD96fzfZNHhUPdcLF3iQ:QvncX29cfv40Sf9ENHuPdk37

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      fc905307c1448a878eea71170365a7d0_JaffaCakes118

    • Size

      152KB

    • MD5

      fc905307c1448a878eea71170365a7d0

    • SHA1

      a2e021add1e73667f5a9777a8f318d90f493569d

    • SHA256

      a98187537d1e261ebe90e04957fc956dc8b5cbee956f6c1e5cfb24be462d8668

    • SHA512

      816235abe8fe78852d346857b9f968253285d1dc9e094515feb4fb2dccba157644a51ca26e82c38c3063cadbcaa5ec9d72fbadd7d4de3205a67762916035822a

    • SSDEEP

      3072:QvnBaaWJ89cnN5eo749OJo9VD96fzfZNHhUPdcLF3iQ:QvncX29cfv40Sf9ENHuPdk37

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      61151aff8c92ca17b3fab51ce1ca7156

    • SHA1

      68a02015863c2877a20c27da45704028dbaa7eff

    • SHA256

      af15ef6479e5ac5752d139d1c477ec02def9077df897dadc8297005b3fc4999d

    • SHA512

      4f5c943b7058910dc635bdcfadfea1d369c3d645239d1a52b030c21f43aac8e76549e52fd28e38ba5341d32aefe3c090dd8377d9e105ad77f71ab8870d8e326e

    • SSDEEP

      192:2OShJI/rmOAIPkWpUybQ9WhP4t5Rwc89XbubZaX5:n6OAOkWWycGP4XRwc2qFaX5

    Score
    3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      2b006bbf7c9295683eddfad40008be85

    • SHA1

      b3f42a8e2ff172d51418c72811586b11ed589909

    • SHA256

      9e4440baf56d47ca4cc1f29e7a62d407d1f9524986160b30de5f825a3fedee88

    • SHA512

      e1cfd739b7f8de442e2fb49c83569e8051492180780d92a4bfaa9c90b1444fd0020f9f596c12820642dd33cbee2c81ec793acb1c8dab1d1bebbe25b33c51efe8

    Score
    3/10
    • Target

      $TEMP/gtalkwmp1.dll

    • Size

      68KB

    • MD5

      f341a096bbc785dc39e0170ff725a7d5

    • SHA1

      75b233a2fc20ff4a748c65b80c17188f63b9cd53

    • SHA256

      fd23273a36db53e1da88e2b4ec84ffb720e54f9c6ab8820bf8937e870d64e44b

    • SHA512

      fe4a237a9b7b100e0b4ae5a2daf30989b3d6744ee7e7ba0a8a3c6322cf390a93fde3cfed79e4593e06f7ff072e1c207b9182623ccdb1b9da02cb412c8096b77a

    • SSDEEP

      1536:tEAx/fgfg9yE7qnuhyP27auArvBMJlFf:tDxBZqV2evBMJlF

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks