General

  • Target

    fe867f1158b0d7801485582c5ea3b652_JaffaCakes118

  • Size

    177KB

  • Sample

    241219-fkva4azpdr

  • MD5

    fe867f1158b0d7801485582c5ea3b652

  • SHA1

    15efddff123ad4c8643b681b28202c0e96791b89

  • SHA256

    c23890e3707c8d92725be749477730e86d8932a62d237956f411aa7c3d0f818e

  • SHA512

    71d5c609cd73b4747ba3ffe646da551350790c6c730e9b7cd271cc60f1ca7a9af9406213274d2f5871cb97346a927171e2089a212389f6aa9bcfc7026971ec57

  • SSDEEP

    3072:AXzKcNJAjEQx0HNWoE8Kxp8CxbjToRcjpvypYu0kYX/cl4fggNoQB6/B/:bwAj5Q4oqxp8C5+cgD0tJNz0Z/

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      Server.exe

    • Size

      378KB

    • MD5

      2259d80782439b55d0d44eb0a2b39a24

    • SHA1

      a072494a995cdeeed9c38a8e4f0e9e02167283b9

    • SHA256

      0b52cb6c4cda4706e62dd403e58626a911019c557b6a30cb1ec3fea27cc4a131

    • SHA512

      12caff1c80f5a2291b3bd0b1e37c742cf24606093b82399bfaf71353b662a280cafee1acfb542890230d824bda29fe25600d3dc5795e7a3bf4c65b642adc9e70

    • SSDEEP

      3072:bHxJqtiEbBIn6VVGxFYdCLYMywMKvIl3wpjM9jtXrMs5CH3ulOmT2oYZAsnGTW81:Mjjw3vIlGqtbMuCHZLyFa8H

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks