General
-
Target
JaffaCakes118_13805c03ba7d17f466567829eb298cc2
-
Size
783KB
-
Sample
250123-ehebes1lgs
-
MD5
13805c03ba7d17f466567829eb298cc2
-
SHA1
29875cc54677ac724222b19b5095e4a3eb220e8a
-
SHA256
27afc0ad9defd845d58d312b18695ab223fcbab6ccb44d0d7d47aee05fe2fa09
-
SHA512
1b9070d07938640d967bad81f1b0b1842037b05a0a5166f0a4e3ca481c6b1b344b37da478b15e3c4c06831f63fb550da842af9c04acbe217bf6b174700a3235a
-
SSDEEP
24576:+PxNy3tUcEzjeSnOFDF18TEPRuzZZVuy:F3z3F1WEPo1ZVu
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_13805c03ba7d17f466567829eb298cc2.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
JaffaCakes118_13805c03ba7d17f466567829eb298cc2.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_13805c03ba7d17f466567829eb298cc2
-
Size
783KB
-
MD5
13805c03ba7d17f466567829eb298cc2
-
SHA1
29875cc54677ac724222b19b5095e4a3eb220e8a
-
SHA256
27afc0ad9defd845d58d312b18695ab223fcbab6ccb44d0d7d47aee05fe2fa09
-
SHA512
1b9070d07938640d967bad81f1b0b1842037b05a0a5166f0a4e3ca481c6b1b344b37da478b15e3c4c06831f63fb550da842af9c04acbe217bf6b174700a3235a
-
SSDEEP
24576:+PxNy3tUcEzjeSnOFDF18TEPRuzZZVuy:F3z3F1WEPo1ZVu
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Disables RegEdit via registry modification
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1