General
-
Target
JaffaCakes118_945512a828b011560dcdc395183f2368
-
Size
9.9MB
-
Sample
250204-qnpvwsxkgt
-
MD5
945512a828b011560dcdc395183f2368
-
SHA1
fbe082c037c3288d62322dbec7c7a7495ac5d2f9
-
SHA256
d484c1cfb7ab020609d31abf58aa38fd810b1d8e24de5d44ee1119c70affa3f1
-
SHA512
71abc6e172dba1aae56848a7d3ad2de6710498de9e39bcd41ad5ffe6f43b11786e9b0348afd7a07f899697615219daac0f5f298313c68957c3d31effdf122dd6
-
SSDEEP
98304:8H1EVVA9Z8iAWomhbZKR25kqI6W8tdUzjyWipr7Gmhhx1KPa/48f5+6gOMHiTogC:T49OmhbUqI6EbPC/e1mMBrkjAqmv
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_945512a828b011560dcdc395183f2368.exe
Resource
win7-20241023-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
JaffaCakes118_945512a828b011560dcdc395183f2368
-
Sality family
-
UAC bypass
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Impair Defenses (1)
- Disable or Modify Tools (1)
- Modify Registry (2)