General
- Target: ff591b2fe060931c3ca1c8759bc046e7_JaffaCakes118
- Size: 380KB
- Sample: 241219-llx19szkak
- MD5: ff591b2fe060931c3ca1c8759bc046e7
- SHA1: a18c242c7534e76effc9f8caf685205f5e52be87
- SHA256: ce73ffa6393d6cfff66eaf7b4d4705f5aa256063526e26bcf2ff0c7b40bcd81c
- SHA512: 773467861b781e4c05322efc176c0dfc2556830dcac6ddc5aae985349a5b1086e3870a290cfbc591678992d038e823db5b605ad6353fd3f02db958e085f548ed
- SSDEEP: 6144:uqtWux9QZD4vTAfe24bXOxIWmOaKMEWlo:uSWux9i4vMmjbXONqllo
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: ff591b2fe060931c3ca1c8759bc046e7_JaffaCakes118.exe
  - Resource: win7-20240903-en
Malware Config
- Extracted family: sality
- Extracted URLs:
  - http://89.119.67.154/testo5/
  - http://kukutrustnet777.info/home.gif
  - http://kukutrustnet888.info/home.gif
  - http://kukutrustnet987.info/home.gif
  - http://www.klkjwre9fqwieluoi.info/
  - http://kukutrustnet777888.info/
Targets
- Target: ff591b2fe060931c3ca1c8759bc046e7_JaffaCakes118 (380KB; hashes as listed under General)
- Signatures:
  - Modifies firewall policy service
  - Sality family
  - Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Create or Modify System Process (1)
    - Windows Service (1)
- Defense Evasion
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Impair Defenses (4)
    - Disable or Modify System Firewall (1)
    - Disable or Modify Tools (3)
  - Modify Registry (5)