General
-
Target
JaffaCakes118_2d77d2f577083da93c829742929be45c
-
Size
143KB
-
Sample
250125-twftqs1jdt
-
MD5
2d77d2f577083da93c829742929be45c
-
SHA1
4f4112b376961580af78c6f796412f02e3e2e251
-
SHA256
06ed2ef13eb0584e6d71ca7e955949357850df74768330a79a3958171f1a47d6
-
SHA512
bbc5233c2c9f3eeb7d00301d76121fe5db5f8e24810ce94c6d2f1fba22c377191f42ba5f1dd715a23226ae0357b6b25b93b779b7165b98ea4158a303f9d37362
-
SSDEEP
3072:0Te4LldbC+2kYAI/3iNKqtgQO6nXk8c6F0gSeEsj0o95pNkydwN64yqnQsm7:WdbC+2kYpjaXkfBpsn5phuw43Y7
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
JaffaCakes118_2d77d2f577083da93c829742929be45c
-
Size
143KB
-
MD5
2d77d2f577083da93c829742929be45c
-
SHA1
4f4112b376961580af78c6f796412f02e3e2e251
-
SHA256
06ed2ef13eb0584e6d71ca7e955949357850df74768330a79a3958171f1a47d6
-
SHA512
bbc5233c2c9f3eeb7d00301d76121fe5db5f8e24810ce94c6d2f1fba22c377191f42ba5f1dd715a23226ae0357b6b25b93b779b7165b98ea4158a303f9d37362
-
SSDEEP
3072:0Te4LldbC+2kYAI/3iNKqtgQO6nXk8c6F0gSeEsj0o95pNkydwN64yqnQsm7:WdbC+2kYpjaXkfBpsn5phuw43Y7
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2