General
- Target: fcf578bf806e0b0c8f4ff2bfec9e4a34_JaffaCakes118
- Size: 223KB
- Sample: 241218-y1v7fa1mgm
- MD5: fcf578bf806e0b0c8f4ff2bfec9e4a34
- SHA1: bed802ac786945cc48bf3cf8193a72ae77ebec2d
- SHA256: f6a808006cd133dd68f93cc63f57ce729111e7282c1b1e740f6e54ac73e8772f
- SHA512: 81a9940344041705a94c1d57489eb8c8119fbeab084147c8c72740f27696a6af2a6dfff095623d8a783789db57c4ed5c53a8d8721698033bf48e71f1747b3f8e
- SSDEEP: 6144:OhCJCpp6gEkKj0c8runJuP/MOKV3Q0j0SNUy:qH6LY3unJuPDqlNH

Static task: static1

Behavioral task: behavioral1
- Sample: fcf578bf806e0b0c8f4ff2bfec9e4a34_JaffaCakes118.exe
- Resource: win7-20240729-en

Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: fcf578bf806e0b0c8f4ff2bfec9e4a34_JaffaCakes118
- Size: 223KB
- MD5: fcf578bf806e0b0c8f4ff2bfec9e4a34
- SHA1: bed802ac786945cc48bf3cf8193a72ae77ebec2d
- SHA256: f6a808006cd133dd68f93cc63f57ce729111e7282c1b1e740f6e54ac73e8772f
- SHA512: 81a9940344041705a94c1d57489eb8c8119fbeab084147c8c72740f27696a6af2a6dfff095623d8a783789db57c4ed5c53a8d8721698033bf48e71f1747b3f8e
- SSDEEP: 6144:OhCJCpp6gEkKj0c8runJuP/MOKV3Q0j0SNUy:qH6LY3unJuPDqlNH

- Modifies visibility of file extensions in Explorer
- Sality family
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Modifies Windows Firewall
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)