General
-
Target
JaffaCakes118_57180448a4be9c04f2e7471bdd41decf
-
Size
816KB
-
Sample
250306-vlg5gstpx3
-
MD5
57180448a4be9c04f2e7471bdd41decf
-
SHA1
1a9a3bc677e462ca92c1a6c575c3acb61c879832
-
SHA256
610b0d07b70450bed2ffe5d11d9f727ed077e34be2effbd7e4e6e2f28cf1ab50
-
SHA512
47690213ee6f0ff1a0e231fc0919f6e73c8b674d44a8ef44ca77a23d03b4a8e03dc6f21f114ff423d2a93e0061200cee9c5a918e512e154834cbcd33bb07c8e2
-
SSDEEP
12288:x0ywjWtUO+Oke04VGUl6vhOiue+bhPrRx4vSZqB7Y0lnMyC2+EFLpIePHbiu3:OCwsdPJyC29NplHd
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
JaffaCakes118_57180448a4be9c04f2e7471bdd41decf
-
Size
816KB
-
MD5
57180448a4be9c04f2e7471bdd41decf
-
SHA1
1a9a3bc677e462ca92c1a6c575c3acb61c879832
-
SHA256
610b0d07b70450bed2ffe5d11d9f727ed077e34be2effbd7e4e6e2f28cf1ab50
-
SHA512
47690213ee6f0ff1a0e231fc0919f6e73c8b674d44a8ef44ca77a23d03b4a8e03dc6f21f114ff423d2a93e0061200cee9c5a918e512e154834cbcd33bb07c8e2
-
SSDEEP
12288:x0ywjWtUO+Oke04VGUl6vhOiue+bhPrRx4vSZqB7Y0lnMyC2+EFLpIePHbiu3:OCwsdPJyC29NplHd
Score10/10-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3