General
Target: fe982c3c0a9998190a5da76f9965ed07_JaffaCakes118
Size: 120KB
Sample: 241219-f1jvas1lfq
MD5: fe982c3c0a9998190a5da76f9965ed07
SHA1: a818ada4517f108dab490db25f7eaf08a87682dd
SHA256: 4e30c5eeb1866a8ef3b1dc0618c6080b34bf7fe77c72645005b31d9d43ce0415
SHA512: d22b36f82ca48987de6db872029708da4f788966e3dd0da49d74a3bb22c39189bef17e3d186996c08a6afedac8a5e7c0d17959807c5dd755ec9c226d194d3bd4
SSDEEP: 1536:mxqNa4gnPlNQtYs2cp5KPnRp/NDGi7/4u3JqP0k0KwlATzzNRlWp11hLQAE:Ysa5nPlOmM+PRzDn7r3JqsjbAr6r
Static task: static1
Behavioral task: behavioral1
Sample: fe982c3c0a9998190a5da76f9965ed07_JaffaCakes118.dll
Resource: win7-20240903-en
Malware Config
Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
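The four URLs above are the actionable network indicators in this report. The following is an added example (not part of the sandbox report) that turns them into host and full-URL indicators and scans proxy log lines for them, distinguishing an exact URL hit from a host-only hit so that a request to a known Sality domain with a different path is still surfaced. The log lines are constructed for illustration; the `http://89.119.67.154/testo5/` entry is treated as a directory prefix because it ends in a slash.

```python
"""Match the Sality config URLs from this report against proxy logs.

Added example, not part of the sandbox report. Only the four indicator
URLs come from the report; the log format and log lines are constructed.
"""
from urllib.parse import urlsplit

# Indicators copied verbatim from the report's extracted Sality config.
SALITY_CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def build_indicators(urls):
    """Split each config URL into a (host, path) pair; hosts are lower-cased."""
    return [(urlsplit(u).hostname.lower(), urlsplit(u).path) for u in urls]


def classify_request(host, path, indicators):
    """Return 'url' for an exact host+path hit, 'host' for a host-only hit, else None.

    A config path ending in '/' (the IP-hosted /testo5/ entry) is matched as a
    directory prefix, since the sample may request files beneath it.
    """
    host = host.lower()
    for ioc_host, ioc_path in indicators:
        if host != ioc_host:
            continue
        if path == ioc_path or (ioc_path.endswith("/") and path.startswith(ioc_path)):
            return "url"
        return "host"
    return None


def parse_proxy_line(line):
    """Parse a constructed, Squid-like line: '<epoch> <client> <method> <url> <status>'."""
    ts, client, method, url, status = line.split()
    parts = urlsplit(url)
    return {"ts": ts, "client": client, "method": method,
            "host": parts.hostname, "path": parts.path, "status": status}


def scan(lines, urls=SALITY_CONFIG_URLS):
    """Return (client, hit_kind, host+path) for every log line matching an indicator."""
    indicators = build_indicators(urls)
    hits = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_proxy_line(line)
        kind = classify_request(rec["host"], rec["path"], indicators)
        if kind:
            hits.append((rec["client"], kind, rec["host"] + rec["path"]))
    return hits


# Constructed sample log: one infected client, one benign lookalike path on
# an unrelated host, and one request to a Sality domain with a different path.
SAMPLE_LOG = """\
1734600001 10.0.0.12 GET http://kukutrustnet777.info/home.gif 200
1734600002 10.0.0.12 GET http://89.119.67.154/testo5/ 404
1734600003 10.0.0.33 GET http://example.com/home.gif 200
1734600004 10.0.0.12 GET http://KUKUTRUSTNET888.info/other.gif 200
""".splitlines()

if __name__ == "__main__":
    for client, kind, target in scan(SAMPLE_LOG):
        print(f"{client}\t{kind}\t{target}")
```

A 404 or a sinkholed answer does not clear the client: the request itself is the evidence that the host is running the sample, so the scan reports on the request rather than on the response status.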
Targets
Target: fe982c3c0a9998190a5da76f9965ed07_JaffaCakes118
Size: 120KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (the number after each entry is the count of report signatures mapped to it)
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 4
  - Disable or Modify System Firewall (T1562.004): 1
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5