General
Target: JaffaCakes118_8885f79ca7fba35c7eb8e9f5fb95aed8
Size: 153KB
Sample: 250203-pr4msa1lfs
MD5: 8885f79ca7fba35c7eb8e9f5fb95aed8
SHA1: ea266403d274ca47c5344271f9ca03164e52cda9
SHA256: 43b8c5185c2106b7fec55fd48b59710f84d78d324b4846fa2758b196fd19cfaa
SHA512: a9c6405fbf5c91366183d8da7b97279e0b2ace5c120605229b3570f3358a165bb6555f82c8f1c09b8aead49488e38f31dc6fb28d4717a41b04a38fd49e7cc23a
SSDEEP: 3072:+/btCZtUc+vA0637elgUUjeWZ7qdCy9I93xgc4Hra4N:+/bGSvAJLXnjeAqo7mcgrV
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_8885f79ca7fba35c7eb8e9f5fb95aed8.exe
Resource: win7-20240708-en
Malware Config
Extracted family: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: JaffaCakes118_8885f79ca7fba35c7eb8e9f5fb95aed8
- Modifies firewall policy service
- Sality family
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)