General
-
Target
JaffaCakes118_b53fa639887fd4a5f5e38b652af9046a
-
Size
401KB
-
Sample
250207-kvy49axkfj
-
MD5
b53fa639887fd4a5f5e38b652af9046a
-
SHA1
4ae09875d419f8a60b6c42a9172223237f245d1b
-
SHA256
d44a8529ea91e952f7ec694412d5880b5e42d8325a9623757b54314dae2f2515
-
SHA512
f1df4fc8e5c1d02fb77ca67c3e40b2eb1f0d40215545c68e5dd7e1fbadd97b05ff930789d7a7b2d0f0ce1de3ba9b397e926bff3828770ab1d02f74d6cac177d8
-
SSDEEP
3072:ach1NSmO+b86PcvgKOEtIXRjdqVukdRoUrPkjs:NnNbO+bfPcvgKVstyuIjD
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
JaffaCakes118_b53fa639887fd4a5f5e38b652af9046a
-
Size
401KB
-
MD5
b53fa639887fd4a5f5e38b652af9046a
-
SHA1
4ae09875d419f8a60b6c42a9172223237f245d1b
-
SHA256
d44a8529ea91e952f7ec694412d5880b5e42d8325a9623757b54314dae2f2515
-
SHA512
f1df4fc8e5c1d02fb77ca67c3e40b2eb1f0d40215545c68e5dd7e1fbadd97b05ff930789d7a7b2d0f0ce1de3ba9b397e926bff3828770ab1d02f74d6cac177d8
-
SSDEEP
3072:ach1NSmO+b86PcvgKOEtIXRjdqVukdRoUrPkjs:NnNbO+bfPcvgKVstyuIjD
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Modifies Windows Firewall
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
2