General

  • Target

    ffadc11a2b182468167202112a12ef4e_JaffaCakes118

  • Size

    120KB

  • Sample

    241219-nkngjssmax

  • MD5

    ffadc11a2b182468167202112a12ef4e

  • SHA1

    6a078c811bef0126ba504cf345fef0c9de311753

  • SHA256

    d7e49d0c45349b6a63192ee904ba95e7924fbbba5fea53c79eb87adadd5153e6

  • SHA512

    81338d1fb028b46470eaa29a7bdab746f35595c9da786673144b62234eace8a371a962ca16a3816ddb89e652b2564b3eca279ce55ab44ee13391000bb6be8998

  • SSDEEP

    1536:cbtcFcpC17M21Wa/UzRQq9oj6ategLsFN1tO/FKTZopLQJA:cbtcFcpC+2ka/S6uUdzQFvw9KTWpLQJ

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      ffadc11a2b182468167202112a12ef4e_JaffaCakes118

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks