Overview
overview
10Static
static
5fc905307c1...18.exe
windows7-x64
10fc905307c1...18.exe
windows10-2004-x64
10$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$TEMP/gtalkwmp1.dll
windows7-x64
3$TEMP/gtalkwmp1.dll
windows10-2004-x64
3General
-
Target
fc905307c1448a878eea71170365a7d0_JaffaCakes118
-
Size
152KB
-
Sample
241218-wjhtnsxjcz
-
MD5
fc905307c1448a878eea71170365a7d0
-
SHA1
a2e021add1e73667f5a9777a8f318d90f493569d
-
SHA256
a98187537d1e261ebe90e04957fc956dc8b5cbee956f6c1e5cfb24be462d8668
-
SHA512
816235abe8fe78852d346857b9f968253285d1dc9e094515feb4fb2dccba157644a51ca26e82c38c3063cadbcaa5ec9d72fbadd7d4de3205a67762916035822a
-
SSDEEP
3072:QvnBaaWJ89cnN5eo749OJo9VD96fzfZNHhUPdcLF3iQ:QvncX29cfv40Sf9ENHuPdk37
Behavioral task
behavioral1
Sample
fc905307c1448a878eea71170365a7d0_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fc905307c1448a878eea71170365a7d0_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$TEMP/gtalkwmp1.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$TEMP/gtalkwmp1.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
fc905307c1448a878eea71170365a7d0_JaffaCakes118
-
Size
152KB
-
MD5
fc905307c1448a878eea71170365a7d0
-
SHA1
a2e021add1e73667f5a9777a8f318d90f493569d
-
SHA256
a98187537d1e261ebe90e04957fc956dc8b5cbee956f6c1e5cfb24be462d8668
-
SHA512
816235abe8fe78852d346857b9f968253285d1dc9e094515feb4fb2dccba157644a51ca26e82c38c3063cadbcaa5ec9d72fbadd7d4de3205a67762916035822a
-
SSDEEP
3072:QvnBaaWJ89cnN5eo749OJo9VD96fzfZNHhUPdcLF3iQ:QvncX29cfv40Sf9ENHuPdk37
-
Modifies firewall policy service
-
Sality family
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
61151aff8c92ca17b3fab51ce1ca7156
-
SHA1
68a02015863c2877a20c27da45704028dbaa7eff
-
SHA256
af15ef6479e5ac5752d139d1c477ec02def9077df897dadc8297005b3fc4999d
-
SHA512
4f5c943b7058910dc635bdcfadfea1d369c3d645239d1a52b030c21f43aac8e76549e52fd28e38ba5341d32aefe3c090dd8377d9e105ad77f71ab8870d8e326e
-
SSDEEP
192:2OShJI/rmOAIPkWpUybQ9WhP4t5Rwc89XbubZaX5:n6OAOkWWycGP4XRwc2qFaX5
Score3/10 -
-
-
Target
$PLUGINSDIR/UserInfo.dll
-
Size
4KB
-
MD5
2b006bbf7c9295683eddfad40008be85
-
SHA1
b3f42a8e2ff172d51418c72811586b11ed589909
-
SHA256
9e4440baf56d47ca4cc1f29e7a62d407d1f9524986160b30de5f825a3fedee88
-
SHA512
e1cfd739b7f8de442e2fb49c83569e8051492180780d92a4bfaa9c90b1444fd0020f9f596c12820642dd33cbee2c81ec793acb1c8dab1d1bebbe25b33c51efe8
Score3/10 -
-
-
Target
$TEMP/gtalkwmp1.dll
-
Size
68KB
-
MD5
f341a096bbc785dc39e0170ff725a7d5
-
SHA1
75b233a2fc20ff4a748c65b80c17188f63b9cd53
-
SHA256
fd23273a36db53e1da88e2b4ec84ffb720e54f9c6ab8820bf8937e870d64e44b
-
SHA512
fe4a237a9b7b100e0b4ae5a2daf30989b3d6744ee7e7ba0a8a3c6322cf390a93fde3cfed79e4593e06f7ff072e1c207b9182623ccdb1b9da02cb412c8096b77a
-
SSDEEP
1536:tEAx/fgfg9yE7qnuhyP27auArvBMJlFf:tDxBZqV2evBMJlF
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5