General
Target: JaffaCakes118_6417044e6444c69196811f3ad2e45161
Size: 348KB
Sample: 250130-srfgqsvlex
MD5: 6417044e6444c69196811f3ad2e45161
SHA1: d91979a80824be04fe2ff6bb78fd527f91231387
SHA256: 3a5668c92620f06ff7cd14bdbd158a82477a2159cd1c552490ef8e198589828e
SHA512: dec5a060067c202483d271a18b1a8dfef9399c5898df18d0ec9bbc74757d4c8aa6d25680a03ac6137765fb69c5882af9451912595f81eca625a6ea6a15da9f7f
SSDEEP: 6144:JPNNccyGLMEwG2ZBt8/MGgwv0Wv+Uokz4R3EbI98V:Z3gEvAtTGxv0uPoNFEbI98
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_6417044e6444c69196811f3ad2e45161.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_6417044e6444c69196811f3ad2e45161.exe
  Resource: win10v2004-20250129-en
Malware Config
Targets
Target: JaffaCakes118_6417044e6444c69196811f3ad2e45161
Blackshades family
Blackshades payload
Modifies firewall policy service
Adds policy Run key to start application
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)