General
-
Target
JaffaCakes118_4d9b4cbed6d3f3f34a890e9c60a2c7a9
-
Size
174KB
-
Sample
250128-wa97kayrhn
-
MD5
4d9b4cbed6d3f3f34a890e9c60a2c7a9
-
SHA1
aefe05391176df1541df089d2755b3ca6fbe349b
-
SHA256
52dc5008f725b9feb38bc63db28928e3dd1ee8c4009448ea80f48cc96d0ef6c7
-
SHA512
1d34b4743ab56fb0fb77ec3e2d7b3580f75e4e571cc8c73467413ca2ccc33536b6fbdd315a41f1464b2e84e8127143fe7c98ed5dab076d30d5cefa9a5736f40a
-
SSDEEP
3072:y2Jtq5dKQ4MR+32a60nmIADraMAZN8Cwed9Nztvft3GSW9N18isE0oK:8J4MROnmBfFWH9tVt3GSKN1hu
Behavioral task
behavioral1
Sample
JaffaCakes118_4d9b4cbed6d3f3f34a890e9c60a2c7a9.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_4d9b4cbed6d3f3f34a890e9c60a2c7a9.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_4d9b4cbed6d3f3f34a890e9c60a2c7a9
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 3
  Active Setup: 1
  Registry Run Keys / Startup Folder: 2
Create or Modify System Process: 1
  Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 3
  Active Setup: 1
  Registry Run Keys / Startup Folder: 2
Create or Modify System Process: 1
  Windows Service: 1