General
-
Target
JaffaCakes118_a9f27fad4d698c0895eb131d6db8ed1b
-
Size
287KB
-
Sample
250206-l29d8stldr
-
MD5
a9f27fad4d698c0895eb131d6db8ed1b
-
SHA1
346fb32944f885fa1fbcd1a2ed1a867fae466e2b
-
SHA256
17cb043884f9c10afda3b7feffea2ac2d93dd7cd0836266d632d5056142f3987
-
SHA512
375415567ba8ebd3e123c9be2c69f01c6678873f2786f03b8d604cb0703dd71db37c4dc90f4dc90f80666b196b2f8eab19f20e402dc83aa5e19a88d73984c262
-
SSDEEP
3072:f+/XpaIC/jdelKE90KmIJQ3FKrKOYHhph3Z0ojWPTKGloGjHlJ7gB968Z7/CZTHQ:f+/Xpq8z4K14huXRWp
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
JaffaCakes118_a9f27fad4d698c0895eb131d6db8ed1b
-
Size
287KB
-
MD5
a9f27fad4d698c0895eb131d6db8ed1b
-
SHA1
346fb32944f885fa1fbcd1a2ed1a867fae466e2b
-
SHA256
17cb043884f9c10afda3b7feffea2ac2d93dd7cd0836266d632d5056142f3987
-
SHA512
375415567ba8ebd3e123c9be2c69f01c6678873f2786f03b8d604cb0703dd71db37c4dc90f4dc90f80666b196b2f8eab19f20e402dc83aa5e19a88d73984c262
-
SSDEEP
3072:f+/XpaIC/jdelKE90KmIJQ3FKrKOYHhph3Z0ojWPTKGloGjHlJ7gB968Z7/CZTHQ:f+/Xpq8z4K14huXRWp
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
4