General

- Target: JaffaCakes118_18959c4d68a36bf3d83faacbecd4a8b4
- Size: 258KB
- Sample: 250123-sv8bxstpet
- MD5: 18959c4d68a36bf3d83faacbecd4a8b4
- SHA1: 9a47df1228e4fe3937a996d01b11e73f3f572af6
- SHA256: f489d28bbaab8cd78e1c572f23e7c59e492855e51b89c7a7dda9391d1f0e7569
- SHA512: 2fd4edad45ddf5d865d1c6a26a2755ef95302ec03f737bc5b3f3acd2378b79714b40553d4030a4dee059bec5bce93e3b91f7acbb8bdddf35086ca9d8a5ecf740
- SSDEEP: 6144:DHdDrhYy5i/lLS7JC8b9VYhQ44G44TtcYoXmKP0N0d:DHZ55+E7JJbrYoXmC0i
Static task: static1

Behavioral task: behavioral1
- Sample: JaffaCakes118_18959c4d68a36bf3d83faacbecd4a8b4.exe
- Resource: win7-20241010-en

Behavioral task: behavioral2
- Sample: JaffaCakes118_18959c4d68a36bf3d83faacbecd4a8b4.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets

- Target: JaffaCakes118_18959c4d68a36bf3d83faacbecd4a8b4
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)

Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)