General
Target: JaffaCakes118_352de717e25f6c048f5154769bab39bc
Size: 578KB
Sample: 250126-ntw52s1qel
MD5: 352de717e25f6c048f5154769bab39bc
SHA1: 751685e2e91e6fd79f885973860a3224195a3353
SHA256: 43effb7157529306e23d6f25204e78c2155ee506c7191caeffdb7123d73d2187
SHA512: f3e1a5a5cbeef33062044aa344c6e9e328206fe5a8944f2c9456e9937a1db009e5e34818cbf0d18dc6a77ee722cf7b2cec44cddc8b1e9925098f6ec9f03f4c88
SSDEEP: 12288:eH2WSVdepiO8I9mLvlrL+2rW2YIzMm/1/PD32Z9rgJJVnMer:LWSVVO8l1+CYkta0JJVnMer

Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_352de717e25f6c048f5154769bab39bc.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_352de717e25f6c048f5154769bab39bc.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: latentbot
Targets
Target: JaffaCakes118_352de717e25f6c048f5154769bab39bc
Signatures:
  Blackshades family
  Blackshades payload
  Latentbot family
  Modifies firewall policy service
  Uses the VBS compiler for execution
  Adds Run key to start application
  Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)