General
-
Target
ffd66df29a5cdbef0f3f64f7052e15e6_JaffaCakes118
-
Size
108KB
-
Sample
241219-t664nswnaq
-
MD5
ffd66df29a5cdbef0f3f64f7052e15e6
-
SHA1
054649eed917ed04916d7a3019fb3b056eceda57
-
SHA256
ea4859887a772f2f12d8110231112465c6be6a679903ef0a9583b62f6f718671
-
SHA512
180f1d259085572282f1f9264511596143171bc499aa8be266a4b1dae8ce6f8b5c52a0b77a6245b69d08f55a0d025c026f83bd4dc7f49c5fc74460ac29d077c7
-
SSDEEP
1536:hJiPCTcEiH803ihm1UXofuNFSGpHgqb1aX/L2N3HSREYdTwFGcGv:hUPqc80q3NRploz2NEdeG
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
ffd66df29a5cdbef0f3f64f7052e15e6_JaffaCakes118
-
Size
108KB
-
MD5
ffd66df29a5cdbef0f3f64f7052e15e6
-
SHA1
054649eed917ed04916d7a3019fb3b056eceda57
-
SHA256
ea4859887a772f2f12d8110231112465c6be6a679903ef0a9583b62f6f718671
-
SHA512
180f1d259085572282f1f9264511596143171bc499aa8be266a4b1dae8ce6f8b5c52a0b77a6245b69d08f55a0d025c026f83bd4dc7f49c5fc74460ac29d077c7
-
SSDEEP
1536:hJiPCTcEiH803ihm1UXofuNFSGpHgqb1aX/L2N3HSREYdTwFGcGv:hUPqc80q3NRploz2NEdeG
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5