General
Target: JaffaCakes118_4c5c07dfcc59579822512e350f40ac4a
Size: 112KB
Sample: 250128-srn4waspgs
MD5: 4c5c07dfcc59579822512e350f40ac4a
SHA1: 9335a800a96f3d877607cb4be92f71678ce9c89c
SHA256: 5a7e66befb5ec2d8be73bc4b7298546d77dffc6a88047e8b5371cc078bf2194d
SHA512: adf3dce5fb355d386f4211fe48ad735c7f8df56a06bbac55bf4394664e33d56b22e3c76c1922cb2dee2855a766d882313c0df87e2d8b800148488da78b10ed5c
SSDEEP: 1536:0JQj+5nL6gUd9mmimlskwlRcDXV7R4qViRaVKssCrlVA8hcsUpoVJ:h+ggUd9Zimlzwl4XV14mqaMssCrAB+VJ
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_4c5c07dfcc59579822512e350f40ac4a.exe
Resource: win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: JaffaCakes118_4c5c07dfcc59579822512e350f40ac4a
Sality family
UAC bypass
Checks whether UAC is enabled
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Impair Defenses: 1
    Disable or Modify Tools: 1
  Modify Registry: 2