General
-
Target
JaffaCakes118_7a5eab58bb4310fc23b03af65aa66afa
-
Size
776KB
-
Sample
250202-h58ekatkar
-
MD5
7a5eab58bb4310fc23b03af65aa66afa
-
SHA1
6591767a8a063d7d499f588a12d4d7bfb9c02763
-
SHA256
49aeb7c801aaf180053f374a7a988c6e490e01ec1cae2ae75c6703abc2e26261
-
SHA512
8d9ef975da2e6573fe7df9ab8cf24aec7937b19b930087074d7bcc20749729a7f541e253d1321c703b686ca8a2300ff4321d8d062ee211b2f727a9b8bf150f64
-
SSDEEP
24576:goc2lxDl/El+YFFtumDDHlRvoJdSn+qvwLKBGDOlbbREj:g4l8RFT7lutqvSal9Ej
Malware Config
Targets
-
-
Target
JaffaCakes118_7a5eab58bb4310fc23b03af65aa66afa
-
Size
776KB
-
MD5
7a5eab58bb4310fc23b03af65aa66afa
-
SHA1
6591767a8a063d7d499f588a12d4d7bfb9c02763
-
SHA256
49aeb7c801aaf180053f374a7a988c6e490e01ec1cae2ae75c6703abc2e26261
-
SHA512
8d9ef975da2e6573fe7df9ab8cf24aec7937b19b930087074d7bcc20749729a7f541e253d1321c703b686ca8a2300ff4321d8d062ee211b2f727a9b8bf150f64
-
SSDEEP
24576:goc2lxDl/El+YFFtumDDHlRvoJdSn+qvwLKBGDOlbbREj:g4l8RFT7lutqvSal9Ej
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1