Analysis
-
max time kernel
121s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system -
submitted
31-12-2024 03:25
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_0288c87e5c034415afd9a660d550a5d1.exe
Resource
win7-20241010-en
General
-
Target
JaffaCakes118_0288c87e5c034415afd9a660d550a5d1.exe
-
Size
375KB
-
MD5
0288c87e5c034415afd9a660d550a5d1
-
SHA1
5eafc101d55812b7343bc9c46c14722bfcb38e63
-
SHA256
05f7d2713db56804e2a985c3cf62141db7e646909c58c0de189e9aa6a15fc974
-
SHA512
d5a6bb3844e869d6a9dfd710b37ddfab1310e59497ade23690df47bdf0cb934a001545fc2e02c553b2aed2f8500a71f7437ab59d6c66e6fd07ba123b35967a77
-
SSDEEP
6144:h6eX4uyIJDTtQIO5xK4byFcF1gWbgaLW3P+BZd0Q0YFwRwjb4SIGYDh6WJoPE:hwujWZyFcF1rbga63PcZdx5jJIGYV6Wi
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Signatures
-
Sality family
-
resource
behavioral1/memory/1116-1-0x0000000001ED0000-0x0000000002F5E000-memory.dmp
yara_rule
upx
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description
Key opened
ioc
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process
JaffaCakes118_0288c87e5c034415afd9a660d550a5d1.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid
1116
Process
JaffaCakes118_0288c87e5c034415afd9a660d550a5d1.exe