General
Target: JaffaCakes118_866a7486a8022f7a088f58e4eb1bd322
Size: 256KB
Sample: 250203-j7xlhsxpbr
MD5: 866a7486a8022f7a088f58e4eb1bd322
SHA1: 48d920ce86a75fe24b11b841b2b7d14de2671bb9
SHA256: 34b54cd936109de793abf56935b21be1de9fbf5f6892bb00ecfc36c4668238a3
SHA512: 5ff55d142f80ad7efd3ee1bffce1aa38b9e5ceeaa320a2ecbafb0d1b28a89d708f665c5e2deee5d3e420a79b89a619da881d876864a0ae59fced2fd2a41f628f
SSDEEP: 6144:bMzzILGFkzhr0pGj9oXgIYZrcjrhGNRx7:TcoqGj9oXgIur8Qrx7
Behavioral task
behavioral1
Sample: JaffaCakes118_866a7486a8022f7a088f58e4eb1bd322.exe
Resource: win7-20240903-en
Malware Config
Extracted
Family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
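The hashes and config URLs above are the only indicators this report gives, so the practical next step is to sweep your own telemetry for them. The following is an added example and not part of the sandbox report: it turns the extracted URLs into host-level IOCs (IP or domain, with "www." and subdomain variants collapsed), runs them over a few constructed proxy log lines in an assumed "timestamp client method url status" layout, and checks a hash against the report's MD5/SHA-1/SHA-256. The log lines and their layout are invented for the demonstration; only the hashes and URLs come from the report.

```python
# Added example (not part of the sandbox report): sweep constructed proxy log
# lines and file hashes against the Sality IOCs extracted above.
import hashlib
from urllib.parse import urlparse

# Hashes and config URLs copied from the report.
SAMPLE_HASHES = {
    "md5": "866a7486a8022f7a088f58e4eb1bd322",
    "sha1": "48d920ce86a75fe24b11b841b2b7d14de2671bb9",
    "sha256": "34b54cd936109de793abf56935b21be1de9fbf5f6892bb00ecfc36c4668238a3",
}
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]


def canon_host(host):
    """Lower-case a hostname and drop a leading 'www.' so variants collapse."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def ioc_hosts(urls=SALITY_URLS):
    """Canonical hosts (IPs or domains) taken from the extracted config URLs."""
    hosts = set()
    for url in urls:
        host = urlparse(url).hostname
        if host:
            hosts.add(canon_host(host))
    return hosts


def matching_ioc(host, iocs):
    """Return the IOC that `host` equals or is a subdomain of, else None."""
    host = canon_host(host)
    for ioc in iocs:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


# Constructed proxy log lines in an assumed "<ts> <client> <method> <url> <status>"
# layout; none of this traffic comes from the report.
SAMPLE_PROXY_LOG = [
    "2025-02-03T10:01:02Z 10.0.0.5 GET http://www.example.com/ 200",
    "2025-02-03T10:01:09Z 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200",
    "2025-02-03T10:01:10Z 10.0.0.5 GET http://89.119.67.154/testo5/ 404",
    "2025-02-03T10:02:00Z 10.0.0.7 GET http://cdn.KLKJWRE9FQWIELUOI.info/x 200",
    "malformed line",
]


def sweep_proxy_log(lines, iocs=None):
    """Return (line_number, client, matched_ioc) for lines touching a Sality host."""
    iocs = ioc_hosts() if iocs is None else iocs
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 5:
            continue  # skip lines that do not fit the assumed layout
        host = urlparse(parts[3]).hostname
        if not host:
            continue
        ioc = matching_ioc(host, iocs)
        if ioc:
            hits.append((n, parts[1], ioc))
    return hits


def hashes_of(data):
    """MD5/SHA-1/SHA-256 hex digests of a byte string, matching the report's fields."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def known_sample_algo(digest, known=SAMPLE_HASHES):
    """Return which report hash `digest` equals (case-insensitive), or None."""
    digest = digest.strip().lower()
    for algo, value in known.items():
        if digest == value:
            return algo
    return None


if __name__ == "__main__":
    for n, client, ioc in sweep_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {n}: {client} contacted Sality host {ioc}")
    print(known_sample_algo("866A7486A8022F7A088F58E4EB1BD322"))
```

Host-level matching is deliberate: Sality's update path (here /home.gif) and the numeric-suffix domains vary between configs, so a path-exact match would miss sibling infections while a host match still catches them. Swap SAMPLE_PROXY_LOG for your real proxy export (adjusting the column index if the layout differs) and feed hashes_of() the bytes of any suspect file.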
Targets
Target: JaffaCakes118_866a7486a8022f7a088f58e4eb1bd322 (256KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures:
- Modifies firewall policy service
- Ramnit family
- Sality family
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
Note: both file-infector family signatures (Ramnit and Sality) fired on this sample, but only a Sality configuration was extracted (see Malware Config).
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)
- Create or Modify System Process, T1543 (1): Windows Service, T1543.003 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (4): Disable or Modify System Firewall, T1562.004 (1); Disable or Modify Tools, T1562.001 (3)
- Modify Registry, T1112 (5)