General
-
Target
JaffaCakes118_9ee7c30619c678df05cc59abe35db568
-
Size
149KB
-
Sample
250205-m2b96svmcn
-
MD5
9ee7c30619c678df05cc59abe35db568
-
SHA1
b0f8c1d4fd1395bb9a3620b1e6649701316e08d9
-
SHA256
df632e09d17c92bd804483fa331f5fabf3b7033cb8d7fce4117e0554024e314b
-
SHA512
b4879500b2a67f5dfb6903473724fedd2f924828c74c4308009dc76810bb172210262937cb6d4774391ab9d827bf657775b60375dd58f37daf7d8d5d1b149e57
-
SSDEEP
3072:oIogqmJYuZNlIZ48YKcR9b12H+HLrCmsx0z4G9vfNzBhnx:RogqmJvwZvmsCz4GPDn
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
JaffaCakes118_9ee7c30619c678df05cc59abe35db568
-
Size
149KB
-
MD5
9ee7c30619c678df05cc59abe35db568
-
SHA1
b0f8c1d4fd1395bb9a3620b1e6649701316e08d9
-
SHA256
df632e09d17c92bd804483fa331f5fabf3b7033cb8d7fce4117e0554024e314b
-
SHA512
b4879500b2a67f5dfb6903473724fedd2f924828c74c4308009dc76810bb172210262937cb6d4774391ab9d827bf657775b60375dd58f37daf7d8d5d1b149e57
-
SSDEEP
3072:oIogqmJYuZNlIZ48YKcR9b12H+HLrCmsx0z4G9vfNzBhnx:RogqmJvwZvmsCz4GPDn
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2