General
- Target: 811d2f39dc7b04140205c4e48357ecca_JaffaCakes118
- Size: 463KB
- Sample: 240801-tebhpayaqr
- MD5: 811d2f39dc7b04140205c4e48357ecca
- SHA1: 77e036b841978eceaa2d7b40e8911d69cabeda92
- SHA256: 008383dd4f6767667acd4877c68dc9e9ddb31d5e2528422930cbc6e5203f1280
- SHA512: c97310c9b6cae1fdf331b64b8968d6ff398ab186251f11152b51ed9b63322f3d4442b9cb442c957d4a0c87ecb282c51b8564cce2c1b103f8540a4cda5d871ceb
- SSDEEP: 12288:mqVKiSVti9bWmmcqm/pbBzQBlsEHWkIAI+Sc:FIiSVmdmiXoTVI+S
Behavioral task: behavioral1
- Sample: 811d2f39dc7b04140205c4e48357ecca_JaffaCakes118.exe
- Resource: win7-20240705-en

Malware Config
- Extracted: latentbot
- blackshades.zapto.org
Targets
- Target: 811d2f39dc7b04140205c4e48357ecca_JaffaCakes118
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)