General

  • Target

    ffb5f42044d2007e717e5c06e3d7f1ef_JaffaCakes118

  • Size

    278KB

  • Sample

    241219-nrvt7stjdk

  • MD5

    ffb5f42044d2007e717e5c06e3d7f1ef

  • SHA1

    88845a13d26ba329a4531ae5aa18d3e2df6198de

  • SHA256

    71ced23be02f5ecb884c8c9211e18bbaef872d9d3b825090343f1ecccbc69a1b

  • SHA512

    90089c7dd7ee2c365cbaacb10286b8b7322c449bd663c5b310e3771395a97246d62e0b3a20370a8e5f983559ad0cc90704d13f97601fb5c18b93000de9176d6b

  • SSDEEP

    6144:gwiGe38VeuvU/YCiSld17dx6mOdiW9lWPbtgwvJfQA8jJ:3efuvUQnIdwmCuRdOH9

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      ffb5f42044d2007e717e5c06e3d7f1ef_JaffaCakes118

    • Size

      278KB

    • MD5

      ffb5f42044d2007e717e5c06e3d7f1ef

    • SHA1

      88845a13d26ba329a4531ae5aa18d3e2df6198de

    • SHA256

      71ced23be02f5ecb884c8c9211e18bbaef872d9d3b825090343f1ecccbc69a1b

    • SHA512

      90089c7dd7ee2c365cbaacb10286b8b7322c449bd663c5b310e3771395a97246d62e0b3a20370a8e5f983559ad0cc90704d13f97601fb5c18b93000de9176d6b

    • SSDEEP

      6144:gwiGe38VeuvU/YCiSld17dx6mOdiW9lWPbtgwvJfQA8jJ:3efuvUQnIdwmCuRdOH9

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
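As an added example (not part of the sandbox report and not Sality's own code), the Python script below turns the behaviours listed above into a host triage check: it evaluates the registry policy values behind "Disables RegEdit", "Disables Task Manager", "Checks whether UAC is enabled" and "Modifies Windows Firewall", and it parses a PE section table to flag the UPX0/UPX1 section names the stock packer leaves behind. The registry paths are the standard Windows policy locations and are an assumption about what the sandbox signatures look at; the report does not show the exact keys this sample touched. The minimal PE skeleton is constructed test data, not this sample.

```python
"""Host triage for the behaviours the report attributes to this sample.

Added example; assumes the standard Windows policy values listed in
POLICY_CHECKS and the default UPX section names. A modified UPX build can
rename its sections and its "UPX!" marker, so a negative result from
looks_upx_packed() is not proof the file is unpacked.
"""
import struct
import sys

# Full value path -> (value that indicates tampering, finding label).
# HKCU values affect the current user; HKLM equivalents exist for all users.
POLICY_CHECKS = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools": (1, "RegEdit disabled"),
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr": (1, "Task Manager disabled"),
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA": (0, "UAC disabled"),
    r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall": (0, "Windows Firewall disabled"),
}


def assess_policy(snapshot):
    """snapshot maps each POLICY_CHECKS path to its DWORD (None if absent).

    Returns the labels of every value set to its tampered state, in
    POLICY_CHECKS order, so the result is stable for testing and logging.
    """
    findings = []
    for path, (tampered_value, label) in POLICY_CHECKS.items():
        if snapshot.get(path) == tampered_value:
            findings.append(label)
    return findings


def read_live_snapshot():
    """Read the POLICY_CHECKS values from the live registry (Windows only)."""
    import winreg  # only importable on Windows
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    snapshot = {}
    for path in POLICY_CHECKS:
        hive, rest = path.split("\\", 1)
        subkey, name = rest.rsplit("\\", 1)
        try:
            with winreg.OpenKey(hives[hive], subkey) as key:
                snapshot[path] = winreg.QueryValueEx(key, name)[0]
        except OSError:  # key or value absent: default (untampered) state
            snapshot[path] = None
    return snapshot


def pe_section_names(data):
    """Walk the PE headers by hand and return the section names in order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER starts here
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size               # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]   # IMAGE_SECTION_HEADER.Name
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """True if the default UPX section names or the UPX! marker are present."""
    names = pe_section_names(data)
    return any(n.upper().startswith("UPX") for n in names) or b"UPX!" in data


def build_minimal_pe(section_names):
    """Constructed test data: DOS stub, PE signature, COFF header with no
    optional header, and one zeroed section header per name. Not loadable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    if sys.platform == "win32":
        for finding in assess_policy(read_live_snapshot()):
            print("policy tampering:", finding)
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        print(path, "sections:", pe_section_names(blob), "upx:", looks_upx_packed(blob))
```

Run it on a Windows host to list tampered policy values, and pass one or more PE files as arguments to see their section names and the UPX verdict; on other platforms only the PE checks run. Treat a positive policy finding as a lead to confirm with process and file evidence, since administrators also set these values legitimately.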

MITRE ATT&CK Enterprise v15
