Overview

overview

10

Static

static

3

JaffaCakes...92.exe

windows7-x64

10

JaffaCakes...92.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_b80111bc3558a69ad81535c8be65d592

  • Size

    404KB

  • Sample

    250207-rpshvavqdn

  • MD5

    b80111bc3558a69ad81535c8be65d592

  • SHA1

    36f28b999ac1f7b1e90241c9fd47b4a914b306ac

  • SHA256

    b1146f5bfa21f6c8874b86184ec280d00201b7cced724517ccb7a27f7511cb92

  • SHA512

    d8ff98e3e891532546123c3138f25abcff1435ab196f757c1d758c959597ec7cce744f71e432b4a6387282dbf2b9a513636f0d225cb9764672baeb9b5002880d

  • SSDEEP

    6144:asCyB53fFu8/J37mZgx0QklwO1P4mMPlSLbIK/AsKd/QRs9vXZAxaS3yqT6l3BI5:I4R9v6lZ4mMPqboRdocXjelTI3BIvkm

Score
10/10
blackshadesbootkitdefense_evasiondiscoverypersistenceratupx

Malware Config

Targets

    • Target

      JaffaCakes118_b80111bc3558a69ad81535c8be65d592

    • Size

      404KB

    • MD5

      b80111bc3558a69ad81535c8be65d592

    • SHA1

      36f28b999ac1f7b1e90241c9fd47b4a914b306ac

    • SHA256

      b1146f5bfa21f6c8874b86184ec280d00201b7cced724517ccb7a27f7511cb92

    • SHA512

      d8ff98e3e891532546123c3138f25abcff1435ab196f757c1d758c959597ec7cce744f71e432b4a6387282dbf2b9a513636f0d225cb9764672baeb9b5002880d

    • SSDEEP

      6144:asCyB53fFu8/J37mZgx0QklwO1P4mMPlSLbIK/AsKd/QRs9vXZAxaS3yqT6l3BI5:I4R9v6lZ4mMPqboRdocXjelTI3BIvkm

    Score
    10/10
    blackshadesbootkitdefense_evasiondiscoverypersistenceratupx

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

      ratblackshades

    • Blackshades family

      blackshades

    • Blackshades payload

    • Modifies firewall policy service

      defense_evasion

    • Adds policy Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks