General
Target: JaffaCakes118_13dc2ed047ecbac6198220690e4c5862
Size: 812KB
Sample: 250123-fhnqjatkb1
MD5: 13dc2ed047ecbac6198220690e4c5862
SHA1: 88249d889d5f02361e3e92e90d95f75494c350de
SHA256: 39d5ba605db2cc32d23edb6ecbee5156c08b4eef1d85d470b20ccb0fc1cdf094
SHA512: 2d98bef8eefbc32ba6ccac2a7009453e3dcc9e54ebc86e5b45fef9348a28a5f650aee7b966f5a517a1de0b57fd06493743c59f6c01b43ea0e65c972d4fffb147
SSDEEP: 12288:2SDIS9kIkP4ZtOs1Jh6gO8foecajdL0Rd/xAUjMI0Xfzo86SWFIq5B1AqgaDA:EDIkP4ZtOKJhBFo5ajhS/uVKvJB1pga8

Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: JaffaCakes118_13dc2ed047ecbac6198220690e4c5862.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: JaffaCakes118_13dc2ed047ecbac6198220690e4c5862.exe, Resource: win10v2004-20241007-en)
Malware Config

Targets
Target: JaffaCakes118_13dc2ed047ecbac6198220690e4c5862
Size: 812KB
MD5: 13dc2ed047ecbac6198220690e4c5862
SHA1: 88249d889d5f02361e3e92e90d95f75494c350de
SHA256: 39d5ba605db2cc32d23edb6ecbee5156c08b4eef1d85d470b20ccb0fc1cdf094
SHA512: 2d98bef8eefbc32ba6ccac2a7009453e3dcc9e54ebc86e5b45fef9348a28a5f650aee7b966f5a517a1de0b57fd06493743c59f6c01b43ea0e65c972d4fffb147
SSDEEP: 12288:2SDIS9kIkP4ZtOs1Jh6gO8foecajdL0Rd/xAUjMI0Xfzo86SWFIq5B1AqgaDA:EDIkP4ZtOKJhBFo5ajhS/uVKvJB1pga8

Signatures
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (3)
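The signatures above describe host-side behaviour (a Run key write, a startup-folder drop, a firewall policy change, a registry lookup of the configured country code) that can be hunted for on an endpoint independently of the sandbox. The following is an added example, not part of the report or of the sandbox's own detection logic: a small rule set over Sysmon-style registry and file events that flags the same behaviours and aggregates them into ATT&CK technique counts. The event records are constructed for the example, the registry and file paths are the conventional locations assumed to sit behind each signature, and the signature-to-technique mapping is an assumption chosen to reproduce the counts shown in the report's ATT&CK section, not the sandbox's actual mapping.

```python
import re
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Event:
    """Minimal Sysmon-like event: kind is 'reg_write', 'reg_read' or 'file_create'."""
    kind: str
    target: str           # registry value path or file path
    data: str = ""        # value written / file content hint (unused by rules)


@dataclass(frozen=True)
class Rule:
    name: str                         # signature name as shown in the report
    kind: str                         # event kind the rule applies to
    pattern: str                      # regex over Event.target (case-insensitive)
    techniques: tuple = field(default_factory=tuple)  # assumed ATT&CK mapping


# Assumed paths behind each signature; the ATT&CK IDs are an assumed mapping
# (T1547.001 Run keys, T1543.003 Windows service, T1562.004 system firewall,
# T1112 Modify Registry) picked so the aggregate matches the report's counts.
RULES = [
    Rule("Adds Run key to start application", "reg_write",
         r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\",
         ("T1547.001", "T1112")),
    Rule("Drops startup file", "file_create",
         r"\\Start Menu\\Programs\\Startup\\"),
    Rule("Modifies firewall policy service", "reg_write",
         r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\",
         ("T1562.004", "T1543.003", "T1112")),
    Rule("Checks computer location settings", "reg_read",
         r"\\Control Panel\\International\\Geo\\Nation$",
         ("T1112",)),
]


def evaluate(events):
    """Return {signature name: [matching events]} for the given event stream."""
    hits = {}
    for ev in events:
        for rule in RULES:
            if ev.kind == rule.kind and re.search(rule.pattern, ev.target, re.IGNORECASE):
                hits.setdefault(rule.name, []).append(ev)
    return hits


def technique_counts(hits):
    """Aggregate matched signatures into per-technique counts (assumed mapping)."""
    by_name = {r.name: r for r in RULES}
    counts = Counter()
    for name in hits:
        for tid in by_name[name].techniques:
            counts[tid] += 1
    return dict(counts)


# Constructed sample events (not taken from the report) shaped like what a
# process-hollowed child of the sample might produce on a Windows host.
SAMPLE_EVENTS = [
    Event("reg_read",
          r"HKU\S-1-5-21-1000\Control Panel\International\Geo\Nation"),
    Event("reg_write",
          r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
          r"C:\Users\victim\AppData\Roaming\winupd.exe"),
    Event("file_create",
          r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.exe"),
    Event("reg_write",
          r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall",
          "0"),
    Event("reg_write", r"HKU\S-1-5-21-1000\Software\Contoso\Settings\Theme", "dark"),  # benign, must not match
]


if __name__ == "__main__":
    found = evaluate(SAMPLE_EVENTS)
    for name, evs in found.items():
        print(f"[{name}]")
        for ev in evs:
            print(f"    {ev.kind}: {ev.target}")
    print("technique counts:", technique_counts(found))
```

Run against a real Sysmon export, the `target` field maps to `TargetObject` for event IDs 12/13 and `TargetFilename` for event ID 11; the Geo\Nation read is a weak signal on its own (locale-aware software reads it too) and is only worth alerting on when it co-occurs with the persistence or firewall writes.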