General
Target: ffadc11a2b182468167202112a12ef4e_JaffaCakes118
Size: 120KB
Sample: 241219-nkngjssmax
MD5: ffadc11a2b182468167202112a12ef4e
SHA1: 6a078c811bef0126ba504cf345fef0c9de311753
SHA256: d7e49d0c45349b6a63192ee904ba95e7924fbbba5fea53c79eb87adadd5153e6
SHA512: 81338d1fb028b46470eaa29a7bdab746f35595c9da786673144b62234eace8a371a962ca16a3816ddb89e652b2564b3eca279ce55ab44ee13391000bb6be8998
SSDEEP: 1536:cbtcFcpC17M21Wa/UzRQq9oj6ategLsFN1tO/FKTZopLQJA:cbtcFcpC+2ka/S6uUdzQFvw9KTWpLQJ
Static task: static1
Behavioral task: behavioral1
Sample: ffadc11a2b182468167202112a12ef4e_JaffaCakes118.dll
Resource: win7-20240903-en
Malware Config
Extracted family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
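Worked example (added here; it is not part of the sandbox report and not the sandbox's own tooling): a Python script that turns the indicators above into two checks, verifying a local file against the reported digests and sweeping proxy log lines for the hosts in the extracted URLs. The digests and URLs are copied from the report; the proxy log format (time, client, method, URL or host:port, status) and the log lines themselves are constructed for illustration. Host matching is exact, so a lookalike such as a subdomain of a third-party domain does not match, while a non-default port on an indicator host still does.

```python
"""Turn the sandbox report's indicators into checks.

Added example; not part of the report. Hashes and URLs are copied from
the report, the proxy log format and lines below are constructed.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Digests reported for ffadc11a2b182468167202112a12ef4e_JaffaCakes118.
REPORTED_HASHES = {
    "md5": "ffadc11a2b182468167202112a12ef4e",
    "sha1": "6a078c811bef0126ba504cf345fef0c9de311753",
    "sha256": "d7e49d0c45349b6a63192ee904ba95e7924fbbba5fea53c79eb87adadd5153e6",
    "sha512": "81338d1fb028b46470eaa29a7bdab746f35595c9da786673144b62234eace8a371a962ca16a3816ddb89e652b2564b3eca279ce55ab44ee13391000bb6be8998",
}

# URLs from the extracted sality config.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed proxy log (assumed format: time client method url-or-host:port status).
# Line 3 is a deliberate lookalike that must not match; line 4 uses a non-default port.
SAMPLE_PROXY_LOG = """\
2024-12-19T10:02:11Z 10.0.0.15 GET http://kukutrustnet888.info/home.gif 200
2024-12-19T10:02:12Z 10.0.0.15 GET http://www.example.com/index.html 200
2024-12-19T10:02:13Z 10.0.0.22 GET http://kukutrustnet777.info.example.net/home.gif 404
2024-12-19T10:02:14Z 10.0.0.15 GET http://89.119.67.154:8080/testo5/ 503
2024-12-19T10:02:15Z 10.0.0.31 CONNECT kukutrustnet987.info:80 200
"""


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists. MD5/SHA1 are used for
    identification only, hence usedforsecurity=False (Python 3.9+)."""
    return {
        name: hashlib.new(name, data, usedforsecurity=False).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def verify_sample(data: bytes, reported: dict = REPORTED_HASHES) -> dict:
    """Per-algorithm match flags between computed and reported digests."""
    computed = file_hashes(data)
    return {name: computed[name] == digest.lower() for name, digest in reported.items()}


def indicator_hosts(urls=SALITY_URLS) -> set:
    """Hostnames (IP or domain, no port) of the extracted URLs."""
    return {urlsplit(u).hostname.lower() for u in urls}


def hosts_in_line(line: str):
    """Yield the hostname of every URL or bare host:port token in a log line."""
    for tok in line.split():
        if "://" in tok:
            host = urlsplit(tok).hostname          # strips scheme, port, path
        elif re.fullmatch(r"[A-Za-z0-9.-]+:\d+", tok):
            host = tok.rsplit(":", 1)[0]           # CONNECT-style host:port
        else:
            continue
        if host:
            yield host.lower()


def scan_proxy_log(text: str, urls=SALITY_URLS) -> list:
    """Return (line_number, matched_host) for each line that contacts an
    indicator host. Exact hostname comparison: subdomains and lookalikes
    such as kukutrustnet777.info.example.net do not match."""
    wanted = indicator_hosts(urls)
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for host in hosts_in_line(line):
            if host in wanted:
                hits.append((n, host))
                break
    return hits


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("hash check:", verify_sample(fh.read()))
    for line_no, host in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {line_no}: contacted sality host {host}")
```

Run it with a file path to compare that file against the reported digests; with no argument it only sweeps the constructed log. To use it against a real proxy export, replace SAMPLE_PROXY_LOG with the file contents; the scanner does not depend on field order, only on finding a URL or host:port token in each line.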
Targets
Target: ffadc11a2b182468167202112a12ef4e_JaffaCakes118
Size: 120KB
MD5: ffadc11a2b182468167202112a12ef4e
SHA1: 6a078c811bef0126ba504cf345fef0c9de311753
SHA256: d7e49d0c45349b6a63192ee904ba95e7924fbbba5fea53c79eb87adadd5153e6
SHA512: 81338d1fb028b46470eaa29a7bdab746f35595c9da786673144b62234eace8a371a962ca16a3816ddb89e652b2564b3eca279ce55ab44ee13391000bb6be8998
SSDEEP: 1536:cbtcFcpC17M21Wa/UzRQq9oj6ategLsFN1tO/FKTZopLQJA:cbtcFcpC+2ka/S6uUdzQFvw9KTWpLQJ
Signatures:
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (count in parentheses as reported)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Create or Modify System Process, T1543 (1)
  - Windows Service, T1543.003 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (4)
  - Disable or Modify System Firewall, T1562.004 (1)
  - Disable or Modify Tools, T1562.001 (3)
- Modify Registry, T1112 (5)