General
Target: fe867f1158b0d7801485582c5ea3b652_JaffaCakes118
Size: 177KB
Sample: 241219-fkva4azpdr
MD5: fe867f1158b0d7801485582c5ea3b652
SHA1: 15efddff123ad4c8643b681b28202c0e96791b89
SHA256: c23890e3707c8d92725be749477730e86d8932a62d237956f411aa7c3d0f818e
SHA512: 71d5c609cd73b4747ba3ffe646da551350790c6c730e9b7cd271cc60f1ca7a9af9406213274d2f5871cb97346a927171e2089a212389f6aa9bcfc7026971ec57
SSDEEP: 3072:AXzKcNJAjEQx0HNWoE8Kxp8CxbjToRcjpvypYu0kYX/cl4fggNoQB6/B/:bwAj5Q4oqxp8C5+cgD0tJNz0Z/
Static task: static1
Behavioral task: behavioral1
Sample: Server.exe
Resource: win7-20240903-en

Malware Config
Extracted
Family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: Server.exe
Size: 378KB
MD5: 2259d80782439b55d0d44eb0a2b39a24
SHA1: a072494a995cdeeed9c38a8e4f0e9e02167283b9
SHA256: 0b52cb6c4cda4706e62dd403e58626a911019c557b6a30cb1ec3fea27cc4a131
SHA512: 12caff1c80f5a2291b3bd0b1e37c742cf24606093b82399bfaf71353b662a280cafee1acfb542890230d824bda29fe25600d3dc5795e7a3bf4c65b642adc9e70
SSDEEP: 3072:bHxJqtiEbBIn6VVGxFYdCLYMywMKvIl3wpjM9jtXrMs5CH3ulOmT2oYZAsnGTW81:Mjjw3vIlGqtbMuCHZLyFa8H
- Modifies firewall policy service
- Sality family
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (1)
- Modify Registry (4)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)