General
-
Target
JaffaCakes118_7a5638f59a7e82885cb7ef6b59658ed3
-
Size
764KB
-
Sample
250202-h34cts1naw
-
MD5
7a5638f59a7e82885cb7ef6b59658ed3
-
SHA1
9623e557e6604c14d849ceedcf6d33856036324f
-
SHA256
1089a2ba7976d42895bd819f74a8aab0c24936bfe8fc3ca737923c4464318fd5
-
SHA512
399a8d6fae5f20bda56883a25c1c0741a222ac31dfde33e7184055d94893f9b5bef84297196e39d2b418d5411c7f49c1e230c76fe6dd42750cbe933e6854a92d
-
SSDEEP
12288:0yv5CmRjt3tgYBq2MS8uO/EtH/rBFin7lNw5LIjIRNoFlWQ:FQmRlt/q2MS2QGn7lNYJNDQ
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_7a5638f59a7e82885cb7ef6b59658ed3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_7a5638f59a7e82885cb7ef6b59658ed3.exe
Resource
win10v2004-20250129-en
Malware Config
Targets
-
-
Target
JaffaCakes118_7a5638f59a7e82885cb7ef6b59658ed3
-
Size
764KB
-
MD5
7a5638f59a7e82885cb7ef6b59658ed3
-
SHA1
9623e557e6604c14d849ceedcf6d33856036324f
-
SHA256
1089a2ba7976d42895bd819f74a8aab0c24936bfe8fc3ca737923c4464318fd5
-
SHA512
399a8d6fae5f20bda56883a25c1c0741a222ac31dfde33e7184055d94893f9b5bef84297196e39d2b418d5411c7f49c1e230c76fe6dd42750cbe933e6854a92d
-
SSDEEP
12288:0yv5CmRjt3tgYBq2MS8uO/EtH/rBFin7lNw5LIjIRNoFlWQ:FQmRlt/q2MS2QGn7lNYJNDQ
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3