General
- Target: JaffaCakes118_40debe4fcd1a4fa73032db2186f449ae
- Size: 7.3MB
- Sample: 250127-slj8qsvngj
- MD5: 40debe4fcd1a4fa73032db2186f449ae
- SHA1: f1f827c6b02f8c7cc43e530e629daf7832e68509
- SHA256: 382a6307d8d8a44ea40b4d32c8a84da82da38cf09e7337ad437b73c6dda70331
- SHA512: dc33a131739e95a94fdc765efbaf1a9eea7da36fe400fb0528fa1ec438e41bd3664ad56586e6d48843c0d3effaebe5dfecf31559dc24179aa7f078a321ba5c8e
- SSDEEP: 196608:Y/6Zg8f409bI9UWb/MyeYce0CeOey7z1pT:i6GOAh6joHnzT
Behavioral task: behavioral1
- Sample: JaffaCakes118_40debe4fcd1a4fa73032db2186f449ae.exe
- Resource: win7-20241023-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_40debe4fcd1a4fa73032db2186f449ae.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: JaffaCakes118_40debe4fcd1a4fa73032db2186f449ae (size and hashes as listed under General)
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (3)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)