General
-
Target
19a6246a1435a30f0008abb10bc68c96_JaffaCakes118
-
Size
543KB
-
Sample
240628-lk12jasema
-
MD5
19a6246a1435a30f0008abb10bc68c96
-
SHA1
a51538a5690372b38b02f461f4b999cae7dccfdd
-
SHA256
a76ee877788df636d9321a2ecf83ac4947f4f8f2cb29efcde57ae280ee3e2a8b
-
SHA512
3df35a1e78d68f024a0f5d5b28ea21c8d16f48997330e8cd748ecbd29539ac47b2d17d55a2245ef5d3ec5e888a38b4678758e59ddb30f6d79360216be2dadfb3
-
SSDEEP
6144:KxWjVNXjGGlfUCfdvfeOsXoxyKegus+b0GRcq8ns3NFNB38Bq7Zzcjs:KxWRF/lVhW8vt+b0GRWE78BqNqs
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
19a6246a1435a30f0008abb10bc68c96_JaffaCakes118
-
Size
543KB
-
MD5
19a6246a1435a30f0008abb10bc68c96
-
SHA1
a51538a5690372b38b02f461f4b999cae7dccfdd
-
SHA256
a76ee877788df636d9321a2ecf83ac4947f4f8f2cb29efcde57ae280ee3e2a8b
-
SHA512
3df35a1e78d68f024a0f5d5b28ea21c8d16f48997330e8cd748ecbd29539ac47b2d17d55a2245ef5d3ec5e888a38b4678758e59ddb30f6d79360216be2dadfb3
-
SSDEEP
6144:KxWjVNXjGGlfUCfdvfeOsXoxyKegus+b0GRcq8ns3NFNB38Bq7Zzcjs:KxWRF/lVhW8vt+b0GRWE78BqNqs
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1