General
-
Target
JaffaCakes118_75c40d884da1a8737cf753f06a112362
-
Size
548KB
-
Sample
250201-z266rssnaj
-
MD5
75c40d884da1a8737cf753f06a112362
-
SHA1
69475138a4563d3e19020bb0a852f3a1b63ccb17
-
SHA256
4dc971bc449025613129664f9ca0105d8323ba76cd885f4be7cbf326d44580d6
-
SHA512
12be8fd22dd123018df11c44bdb4b99bef019ca7801ed4ed590c4be3da071bce885ef83eced0d47cecd08e437b40e62ba0e15426f0c5c553b76a3d726685b07e
-
SSDEEP
12288:C8zeWo6BiAPJxrBUGI9FUL3FIut5cCrHK6P:CoPo6BFJxlUBUxtOsn
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_75c40d884da1a8737cf753f06a112362.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
JaffaCakes118_75c40d884da1a8737cf753f06a112362.exe
Resource
win10v2004-20250129-en
Malware Config
Targets
-
-
Target
JaffaCakes118_75c40d884da1a8737cf753f06a112362
-
Size
548KB
-
MD5
75c40d884da1a8737cf753f06a112362
-
SHA1
69475138a4563d3e19020bb0a852f3a1b63ccb17
-
SHA256
4dc971bc449025613129664f9ca0105d8323ba76cd885f4be7cbf326d44580d6
-
SHA512
12be8fd22dd123018df11c44bdb4b99bef019ca7801ed4ed590c4be3da071bce885ef83eced0d47cecd08e437b40e62ba0e15426f0c5c553b76a3d726685b07e
-
SSDEEP
12288:C8zeWo6BiAPJxrBUGI9FUL3FIut5cCrHK6P:CoPo6BFJxlUBUxtOsn
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3