General
- Target: fff7be2d372e68b2b0c82bf3c573ed1f_JaffaCakes118
- Size: 100KB
- Sample: 241219-v5ajrawqhs
- MD5: fff7be2d372e68b2b0c82bf3c573ed1f
- SHA1: 0582045fe47f6cfa22325693189001a1cd0c7936
- SHA256: fabd019c710af93864cb2e3078a749cbf33782884c2efa2f2e3d9ff8795ddb1a
- SHA512: fe9878fa20958feca9c1a4907b618e94d21cfb091e3635fa725e57bd8d8e05f2ca4cd9bc479e4bf463046dc14bcedf2e521cb08bac9336e9d99a6bcbd4d8758a
- SSDEEP: 3072:lRoSnkELWHzxoAqiv6wllhnOo9O/ImIHo:lTJizD9PlDOI
Static task: static1
Behavioral task: behavioral1
- Sample: fff7be2d372e68b2b0c82bf3c573ed1f_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Target: fff7be2d372e68b2b0c82bf3c573ed1f_JaffaCakes118 (100KB; hashes as listed under General)
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)