General
-
Target
JaffaCakes118_7eb3b378eb8cb877b2f2be667ee32edf
-
Size
510KB
-
Sample
250202-t2q7nazmax
-
MD5
7eb3b378eb8cb877b2f2be667ee32edf
-
SHA1
1f25b565a1042d662bf6504c2f0849b90fefafaa
-
SHA256
4667cc1c606bb2190a7cd13810a38b318141457a60b2d6d4f83f49dfe5bda6a2
-
SHA512
99fe455b1ed284bb4d9ac4ba8743dab7b3c73521fe14180691785a19ca72dc4cf19de41b692c6cc3c02a862538bb711f5c980793af8f6d51b4ad4b3e20356d2a
-
SSDEEP
12288:hXsytFlbZkXuVHOlH3k3C3Nz0CVhL8jQrSQ/qmp:lsytFlWeVu1k3CtVaDQ/B
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_7eb3b378eb8cb877b2f2be667ee32edf.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
JaffaCakes118_7eb3b378eb8cb877b2f2be667ee32edf.exe
Resource
win10v2004-20250129-en
Malware Config
Targets
-
-
Target
JaffaCakes118_7eb3b378eb8cb877b2f2be667ee32edf
-
Size
510KB
-
MD5
7eb3b378eb8cb877b2f2be667ee32edf
-
SHA1
1f25b565a1042d662bf6504c2f0849b90fefafaa
-
SHA256
4667cc1c606bb2190a7cd13810a38b318141457a60b2d6d4f83f49dfe5bda6a2
-
SHA512
99fe455b1ed284bb4d9ac4ba8743dab7b3c73521fe14180691785a19ca72dc4cf19de41b692c6cc3c02a862538bb711f5c980793af8f6d51b4ad4b3e20356d2a
-
SSDEEP
12288:hXsytFlbZkXuVHOlH3k3C3Nz0CVhL8jQrSQ/qmp:lsytFlWeVu1k3CtVaDQ/B
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1