Overview

overview

10

Static

static

3

JaffaCakes...59.exe

windows7-x64

10

JaffaCakes...59.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_a467634cdfaad82b3924d394d2baa859

  • Size

    235KB

  • Sample

    250205-2fjjpawqar

  • MD5

    a467634cdfaad82b3924d394d2baa859

  • SHA1

    a96b232bb2c4b386b310ed68b866eed4eed37978

  • SHA256

    e29e4d8059a1793167a4a04099027a65aed89d1a54b26946058b2a5d8dd0190a

  • SHA512

    179963c5e9b92f6a7a2ddc916b3982eb1ef04ab44629b8f58308982b789fe47b9f7ceb72e9f543bcd7c06119be49dee4f2ce95df850ce83acb2b718ada0178b2

  • SSDEEP

    6144:9UR0KHLt+oJTqvKGiJyi2Ls5tq9MXxmt5MscQba:Sf5+oJT0KGO52I5t8Mk5q

Score
10/10
blackshadesdefense_evasiondiscoverypersistenceratupx

Malware Config

Targets

    • Target

      JaffaCakes118_a467634cdfaad82b3924d394d2baa859

    • Size

      235KB

    • MD5

      a467634cdfaad82b3924d394d2baa859

    • SHA1

      a96b232bb2c4b386b310ed68b866eed4eed37978

    • SHA256

      e29e4d8059a1793167a4a04099027a65aed89d1a54b26946058b2a5d8dd0190a

    • SHA512

      179963c5e9b92f6a7a2ddc916b3982eb1ef04ab44629b8f58308982b789fe47b9f7ceb72e9f543bcd7c06119be49dee4f2ce95df850ce83acb2b718ada0178b2

    • SSDEEP

      6144:9UR0KHLt+oJTqvKGiJyi2Ls5tq9MXxmt5MscQba:Sf5+oJT0KGO52I5t8Mk5q

    Score
    10/10
    blackshadesdefense_evasiondiscoverypersistenceratupx

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

      ratblackshades

    • Blackshades family

      blackshades

    • Blackshades payload

    • Modifies firewall policy service

      defense_evasion

    • Adds policy Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks