General

Target: JaffaCakes118_9ad3ff5c5da8d0a7aa753a117b402db8
Size: 100KB
Sample: 250405-rtfpvayzax
MD5: 9ad3ff5c5da8d0a7aa753a117b402db8
SHA1: 37011ae8e9771714a4fcd79bd3f025b27db03939
SHA256: fffcae968c98143b68d7139e76186f06847ea1cb6b54021eb8ed30e9b4260896
SHA512: b438bf397b6d3a0bd15c3e018e6d8577d3eeedeec196709044037edcb6dd97b870dd966a667a5949d13bf67d1dc4fa40b0179ff3c7a07d9a73a73e33366cea26
SSDEEP: 1536:Xoa78I1ePy9hiFbBvU7xJABzDbZ7hYhqtd/aM9mdodNlsW7BuL4hVkcR4:XojI0Uhi9YrA51dY6tvKodDsW0L0ScK
Static task: static1

Malware Config

Extracted family: sality
C2 / update URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets

Target: JaffaCakes118_9ad3ff5c5da8d0a7aa753a117b402db8
Signatures

- Modifies firewall policy service
- Sality family
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)