General

Target: JaffaCakes118_a66f568dc11bd395a30f07746e91b70a
Size: 1.3MB
Sample: 250206-c7ktdszney
MD5: a66f568dc11bd395a30f07746e91b70a
SHA1: 7bea3be36a317c45971f9a72834d8e169774a7ab
SHA256: 16cbdc35fac5671450a4405b8ad0fb2a69f9e6abb69689112510e2ccb2b4d0b2
SHA512: c727b9c3c55cff2777339018c54a50541b506ca7c990d7fc8b6b8e9eb94546d405fada0c2ce104b988f60cf11955f8fc7cd04b30c21e7b01f2b51a049c787f43
SSDEEP: 24576:XRmJkcoQricOIQxiZY1iargsSFzYL1/dIohcdUkjLkP2BTx15vrfuoSkrH:cJZoQrbTFZY1iargtFsBlIQcRcI9jfFZ
Static task: static1

Behavioral task: behavioral1
Sample: JaffaCakes118_a66f568dc11bd395a30f07746e91b70a.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: JaffaCakes118_a66f568dc11bd395a30f07746e91b70a.exe
Resource: win10v2004-20250129-en
Malware Config
Targets
Signatures:
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (technique, hit count in parentheses)

Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)

Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)

Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (5)