General
- Target: fddd17b0ce7560ea4546b1107f7f373f_JaffaCakes118
- Size: 96KB
- Sample: 241219-bnrl6a1nel
- MD5: fddd17b0ce7560ea4546b1107f7f373f
- SHA1: 3a462afa6c48b706e399601fc25b925b4d7a7681
- SHA256: f84a34df01365b4654aafdb01e32ca3180e3a9b1161ab5e89f4fa5018703bb0b
- SHA512: 6f74a762e40fbe572ea9ae23273bf615c9fccbe2379628309597d2f8dd3e74e3f1a4dbb34f30844ccede64b31e7f17aad38b6e867356289ecec624b8453a18ca
- SSDEEP: 1536:vD9EZUCNHFKvcaCPtAfzMHepAS8G1vamBYQxAFhqq+WBd5QWf:rK+klKvcayteXAqXAf1+Wz5Tf
Static task: static1
Behavioral task: behavioral1
- Sample: fddd17b0ce7560ea4546b1107f7f373f_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Target: fddd17b0ce7560ea4546b1107f7f373f_JaffaCakes118 (96KB; same MD5/SHA1/SHA256/SHA512/SSDEEP values as listed under General)
Signatures
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15 (count of matched signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)