General
-
Target
JaffaCakes118_47712302d7ba7b476e6b3678811eca30
-
Size
278KB
-
Sample
250128-gesezszjck
-
MD5
47712302d7ba7b476e6b3678811eca30
-
SHA1
65215667197a1f6662d172102fffe6e6727b2a98
-
SHA256
88f53207284d4100d9f9e0620c5a306aa3d797af36eae69fbb13270d9bb97c15
-
SHA512
38e4dbbcfb4ddac2685560fbafd752273df61164f74874c7c4b4b8f11eee7c631b41b3abd661fdc6418d4aa78bc779b83f0b0d8d5d75c7d573fde9d822536a93
-
SSDEEP
3072:TQg0zDnD4nbJcyWq0pBOrmKK4LZUasx0u0bN8EeXD517wRvf0dE:mSxrj5ZUZxkbNkXDD+1
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_47712302d7ba7b476e6b3678811eca30.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
JaffaCakes118_47712302d7ba7b476e6b3678811eca30
-
Sality family
-
UAC bypass
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (1)
Disable or Modify Tools (1)
Modify Registry (2)