General
-
Target
JaffaCakes118_a9513a7319f168045975d585a2ae91ce
-
Size
119KB
-
Sample
250206-kpt84ssjaq
-
MD5
a9513a7319f168045975d585a2ae91ce
-
SHA1
2a6cafd5d07cc4efd331cc0c95b3e767853250ff
-
SHA256
32a7e944f7c437d3341f18dd253d20864de0a431eac9036ff508e238d6d92ef5
-
SHA512
71c77523183699bdd2db5171c981de784ff9671f1effd4908f47ec578e4f7b66362a3218c96df2fdc8c66aff914598efed9eae2c37f7e5e2937cd05eeaebc89f
-
SSDEEP
3072:IiMn1F1CkOCRtnA3K6pAOkvAfTT9BxY27Ol3OwCnE+3D:IR1vjnB6p4vWrxf7CO/EgD
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
JaffaCakes118_a9513a7319f168045975d585a2ae91ce
-
Size
119KB
-
MD5
a9513a7319f168045975d585a2ae91ce
-
SHA1
2a6cafd5d07cc4efd331cc0c95b3e767853250ff
-
SHA256
32a7e944f7c437d3341f18dd253d20864de0a431eac9036ff508e238d6d92ef5
-
SHA512
71c77523183699bdd2db5171c981de784ff9671f1effd4908f47ec578e4f7b66362a3218c96df2fdc8c66aff914598efed9eae2c37f7e5e2937cd05eeaebc89f
-
SSDEEP
3072:IiMn1F1CkOCRtnA3K6pAOkvAfTT9BxY27Ol3OwCnE+3D:IR1vjnB6p4vWrxf7CO/EgD
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5