General
-
Target
JaffaCakes118_37aec50cef26dd240d9c9268cfa4a739
-
Size
468KB
-
Sample
250126-v3v3nsxqcv
-
MD5
37aec50cef26dd240d9c9268cfa4a739
-
SHA1
7abb696318dbe169a44c88515f02071e7d084322
-
SHA256
33679b3585d310a7e2b803821b5372a11daa04ff1d77e8b5229a302462ce4210
-
SHA512
367f5fd60777a1aac559d2af82152a01cea09d7edc7e5b9a3108debf04e29620ab540f2ddb0392d1764a339cfe6ef74d4e382c37e790b7acf5dd7ff2982bf613
-
SSDEEP
6144:llr2laNZKD2gHb4IxHIEi+n0Haw0k/GdR7e3XjPnTEHKM6jI7L1iz9A3:llKlsZ8264IGh0aXrnTEHKM6jI75iz
Behavioral task
behavioral1
Sample
JaffaCakes118_37aec50cef26dd240d9c9268cfa4a739.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_37aec50cef26dd240d9c9268cfa4a739.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_37aec50cef26dd240d9c9268cfa4a739
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (2)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (2)
Create or Modify System Process (1)
Windows Service (1)