General
-
Target
JaffaCakes118_9ab0ccc5a8033110e536b541a5028cfe
-
Size
100KB
-
Sample
250405-qr83yaxvgz
-
MD5
9ab0ccc5a8033110e536b541a5028cfe
-
SHA1
a7cdbdcc395b66f162d033880ed892f201fec5a7
-
SHA256
4993ef2c6ec426e2bab742f375089920134b2a5ce87d3fabf30c9949c6e62904
-
SHA512
278a7a9a1791b4dd3cea6fce644ddd6e83f063671f128c4b7e714b2fe1c51ce6a279e076962de935ec481e3b780d84669dbb5d98fb1faf07ea78d01ed63d13d0
-
SSDEEP
3072:3+MmVISPSmE2dLGNoIbZCn246aR5pS8TLys:wVlSmtdLeoao24npSOGs
Static task
static1
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
JaffaCakes118_9ab0ccc5a8033110e536b541a5028cfe
-
Size
100KB
-
MD5
9ab0ccc5a8033110e536b541a5028cfe
-
SHA1
a7cdbdcc395b66f162d033880ed892f201fec5a7
-
SHA256
4993ef2c6ec426e2bab742f375089920134b2a5ce87d3fabf30c9949c6e62904
-
SHA512
278a7a9a1791b4dd3cea6fce644ddd6e83f063671f128c4b7e714b2fe1c51ce6a279e076962de935ec481e3b780d84669dbb5d98fb1faf07ea78d01ed63d13d0
-
SSDEEP
3072:3+MmVISPSmE2dLGNoIbZCn246aR5pS8TLys:wVlSmtdLeoao24npSOGs
-
Modifies firewall policy service
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5