General

  • Target

    JaffaCakes118_412b509abe1fad2154f0b023de2e9505

  • Size

    835KB

  • Sample

    250101-a45chszrdn

  • MD5

    412b509abe1fad2154f0b023de2e9505

  • SHA1

    65c400ffd6a088aadd186a292d9e3f0321f2d28d

  • SHA256

    39e62a231bab84921afd32ba1e12d7501f94c2b8665ba63eca4b6c930423d579

  • SHA512

    37baa28cdd8ba7a087a6ff9e7182b1dea49498bd38673f3f793c3cb9319e47c3c35e59c699c6b6cc0ad7aa7ef4ca6b3116b331f4e1992f0e93183023f6b0a29d

  • SSDEEP

    12288:mE7NiOLg18+1/hv5VEipyz7mTWWa8afR2ftuD1xbmiULIjpkyGWi9:mE3+F5GipwuWWpj+0ygWM

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks