Overview

overview

10

Static

static

3

JaffaCakes...90.exe

windows7-x64

10

JaffaCakes...90.exe

windows10-2004-x64

10

$PLUGINSDI...ig.dll

windows7-x64

3

$PLUGINSDI...ig.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...or.dll

windows7-x64

3

$PLUGINSDI...or.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$_18_/Uninstall.exe

windows7-x64

10

$_18_/Uninstall.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_49ee1546d533b0564b3c87bdfd17a990

  • Size

    372KB

  • Sample

    250101-gvpc9swrhy

  • MD5

    49ee1546d533b0564b3c87bdfd17a990

  • SHA1

    7e9e08c563e557aaac7c3aebf95ecfede47e8b17

  • SHA256

    69f06276091a66e62e3ea36ba440a1eb7fc4d9b2af39d66744914ebdde09789a

  • SHA512

    debff45cfa3ed3db544df34dc9fff0b45b340a0d28dd822e2ab6ed7f34b00d1c92e7817b8fab5212820a33300b7d282c5a2ac6acb59d43d727c6fade810b19ba

  • SSDEEP

    6144:5e34DT2SJO4FM0rHL8Fh1tcVNwib8skL75+ZPPfnE2Qyn2FEtt2NB6+s1rqy:TT2SM2L8QktPLF+ZPPfnEUnsEWfXs1rR

Score
10/10
salitybackdoordiscoveryevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      JaffaCakes118_49ee1546d533b0564b3c87bdfd17a990

    • Size

      372KB

    • MD5

      49ee1546d533b0564b3c87bdfd17a990

    • SHA1

      7e9e08c563e557aaac7c3aebf95ecfede47e8b17

    • SHA256

      69f06276091a66e62e3ea36ba440a1eb7fc4d9b2af39d66744914ebdde09789a

    • SHA512

      debff45cfa3ed3db544df34dc9fff0b45b340a0d28dd822e2ab6ed7f34b00d1c92e7817b8fab5212820a33300b7d282c5a2ac6acb59d43d727c6fade810b19ba

    • SSDEEP

      6144:5e34DT2SJO4FM0rHL8Fh1tcVNwib8skL75+ZPPfnE2Qyn2FEtt2NB6+s1rqy:TT2SM2L8QktPLF+ZPPfnEUnsEWfXs1rR

    Score
    10/10
    salitybackdoordiscoveryevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • Sality family

      sality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/IpConfig.dll

    • Size

      114KB

    • MD5

      a3ed6f7ea493b9644125d494fbf9a1e6

    • SHA1

      ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8

    • SHA256

      ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08

    • SHA512

      7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1

    • SSDEEP

      1536:CPDzpyvLtmY7SeAmhPzV8+i7kRuACUxHf91MionF9JTwrLPG5zfO+lP7:UZl1e7L4ARzC3dwrLPG5zG+lP7

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/WmiInspector.dll

    • Size

      104KB

    • MD5

      8531346d16fa5d4768f6530d2eb2b65c

    • SHA1

      153601d36aa0ddfbc597b1e890917364878791ca

    • SHA256

      a9347413de4b0f90cac0b5e300cec9c867bdb28bd7a60d07b10fd31ee56c60cb

    • SHA512

      f214e75de20edeb7eece02659fd7dafc8c3d63c2350c58825bc6e9ce0b73237962d8273b4bc803a2f304cee9f9cad1cd4edab28322c1e678bc25eb88faa6a841

    • SSDEEP

      1536:V8FVCqSrlWzXRaGDejG4jsenxiqIjF3/BWBk7/lU6wt1bA:OaqSr4XkGuxny93Vwt1bA

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      20KB

    • MD5

      f02155fa3e59a8fc48a74a236b2bb42e

    • SHA1

      6d76ee8f86fb29f3352c9546250d940f1a476fb8

    • SHA256

      096a4dc5150f631b4d4d10cae07ef0974dda205b174399f46209265e89c2c999

    • SHA512

      8be78e88c5ef2cd01713f7b5154cfdeea65605cc5d110522375884eeec6bad68616a4058356726cbbd15d28b42914864045f0587e1e49a4e18336f06c1c73399

    • SSDEEP

      384:voJLJVqG5WLJgu/Emx1Ywxd2ZmX66vwUhU7ya4LC0Ac9khYLMkIX0+Gv8gcLom7:AJVkN8mHYwxdWmX3wUhUua4LeT7

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      $_18_/Uninstall.exe

    • Size

      154KB

    • MD5

      3014cd6d2e05d3734d2b0478f15bd98e

    • SHA1

      ec48b2da5463094a918b6bed8c2565341f1e0f47

    • SHA256

      899d2288b5e46d0ede1f792434d3c4ebb05697065a5e5029275623770c49be04

    • SHA512

      84ad149cd8b920379743015394ec56e3ea2dea013a79931b3f519491c05e47af10f190509274103966c02a91ef17ad6df1d192a972185667ede3a2f3aff31d25

    • SSDEEP

      3072:5gXdZd9P6D3XJ1ceAy1jqw8SOdOO41zM00YpFZpF+ViOQAenO9o4sK:5e34bmy2SJO4FM0rHL8TQAIkF

    Score
    10/10
    salitybackdoordiscoveryevasiontrojanupx
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      20KB

    • MD5

      f02155fa3e59a8fc48a74a236b2bb42e

    • SHA1

      6d76ee8f86fb29f3352c9546250d940f1a476fb8

    • SHA256

      096a4dc5150f631b4d4d10cae07ef0974dda205b174399f46209265e89c2c999

    • SHA512

      8be78e88c5ef2cd01713f7b5154cfdeea65605cc5d110522375884eeec6bad68616a4058356726cbbd15d28b42914864045f0587e1e49a4e18336f06c1c73399

    • SSDEEP

      384:voJLJVqG5WLJgu/Emx1Ywxd2ZmX66vwUhU7ya4LC0Ac9khYLMkIX0+Gv8gcLom7:AJVkN8mHYwxdWmX3wUhUua4LeT7

    Score
    3/10
    discovery
    behavioral15behavioral16

MITRE ATT&CK Enterprise v15

Tasks