General

Target: JaffaCakes118_cb0aa6e1a46b8d760facadf30393f5ce
Size: 588KB
Sample: 250209-erq2kswngk
MD5: cb0aa6e1a46b8d760facadf30393f5ce
SHA1: 37b61938fb673a6bdc7734609f2847ced55f7b23
SHA256: 0bf7c0310a606982acf055cf3638647d84a4489168474216ff8850d1a0bc126e
SHA512: adbe3c60b00a450406817af4af969f36d14b14f5e65eb531f08299afe3c351000d3ee01e9e709431173b4f89b93c3d02d7e108268a546c399933ff11144053b5
SSDEEP: 12288:g329NY7AAu6wpBXnd6yiwygqB5KFM8jT1eBBsPTkWiX5adQ2dV:g32XYnw7IyiBuDpeBtWUcdQ

Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_cb0aa6e1a46b8d760facadf30393f5ce.exe
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_cb0aa6e1a46b8d760facadf30393f5ce.exe
  Resource: win10v2004-20250207-en
Malware Config

Targets

Target: JaffaCakes118_cb0aa6e1a46b8d760facadf30393f5ce
Size: 588KB
MD5: cb0aa6e1a46b8d760facadf30393f5ce
SHA1: 37b61938fb673a6bdc7734609f2847ced55f7b23
SHA256: 0bf7c0310a606982acf055cf3638647d84a4489168474216ff8850d1a0bc126e
SHA512: adbe3c60b00a450406817af4af969f36d14b14f5e65eb531f08299afe3c351000d3ee01e9e709431173b4f89b93c3d02d7e108268a546c399933ff11144053b5
SSDEEP: 12288:g329NY7AAu6wpBXnd6yiwygqB5KFM8jT1eBBsPTkWiX5adQ2dV:g32XYnw7IyiBuDpeBtWUcdQ

Signatures matched on this target:
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components on the local machine. At logon, Windows runs the component's StubPath for any user whose HKCU copy of that component is missing or carries a lower Version, so one machine-wide key fires once per user.
- Downloads MZ/PE file
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system: code placed in the boot sector runs before Windows, and therefore before any OS-level security tooling, is loaded.
- Suspicious use of SetThreadContext
  Commonly seen in process hollowing, where the entry point of a suspended process is redirected to injected code before it resumes.
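The Active Setup check described in the signature above, as an added example that is not part of this report and not the sandbox's own logic: an offline Python model of the logon evaluation (HKLM component vs. the user's HKCU copy, IsInstalled, and comma-separated Version comparison), plus a heuristic for StubPaths that run from user-writable locations. The registry content, the GUIDs and the environment-variable expansions are constructed for the example; on a live Windows host you would feed it the two Installed Components keys exported from HKLM and HKCU.

```python
"""
Offline model of how Windows evaluates Active Setup at logon, for triaging a
sandbox hit on "Boot or Logon Autostart Execution: Active Setup".

For each component {GUID} under
  HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
the logon code looks for the same {GUID} under
  HKCU\Software\Microsoft\Active Setup\Installed Components.
If IsInstalled is non-zero (it defaults to 1 when absent) and the HKCU copy is
missing or carries a lower Version, the StubPath command line runs in the
user's context and the HKCU copy is written. A machine-wide entry therefore
fires once for every user who logs on, which is why malware likes it.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Component:
    """Values of one Installed Components\\{GUID} key (None = value absent)."""
    stub_path: Optional[str] = None
    version: Optional[str] = None
    is_installed: int = 1  # Active Setup treats a missing IsInstalled as 1


def parse_version(v: Optional[str]) -> Tuple[int, ...]:
    """Active Setup versions are comma-separated integers, e.g. "10,0,19041,0".
    Missing or malformed fields count as 0; the tuple is padded to four fields."""
    parts = []
    for p in (v or "").split(","):
        p = p.strip()
        parts.append(int(p) if p.isdigit() else 0)
    return tuple((parts + [0, 0, 0, 0])[:4])


def pending_stubs(hklm: Dict[str, Component],
                  hkcu: Dict[str, Component]) -> List[Tuple[str, str]]:
    """Return (guid, StubPath) for every component that would run at this
    user's next logon, applying the rules in the module docstring."""
    out = []
    for guid, comp in hklm.items():
        if not comp.stub_path or comp.is_installed == 0:
            continue
        user = hkcu.get(guid)
        if user is None or parse_version(user.version) < parse_version(comp.version):
            out.append((guid, comp.stub_path))
    return out


# Constructed expansions for one hypothetical host so the check runs offline;
# on a real Windows host use os.path.expandvars instead.
ENV = {
    "%systemroot%": "c:\\windows",
    "%windir%": "c:\\windows",
    "%programfiles%": "c:\\program files",
    "%appdata%": "c:\\users\\alice\\appdata\\roaming",
    "%localappdata%": "c:\\users\\alice\\appdata\\local",
    "%temp%": "c:\\users\\alice\\appdata\\local\\temp",
    "%userprofile%": "c:\\users\\alice",
}
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\program files")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def _expand(token: str) -> str:
    token = token.lower()
    for var, value in ENV.items():
        token = token.replace(var, value)
    return token


def _tokenize(cmd: str) -> List[str]:
    """Split a Windows command line into arguments, honouring double quotes."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]


def is_suspicious(stub_path: str) -> bool:
    """Heuristic: the StubPath executable lives outside system/program
    directories, or any argument points into a user-writable location.
    Stock entries such as regsvr32 /i:U shell32.dll are not flagged."""
    tokens = [_expand(t) for t in _tokenize(stub_path)]
    if not tokens:
        return False
    exe = tokens[0]
    if ":\\" in exe and not exe.startswith(TRUSTED_DIRS):
        return True
    return any(t.startswith(USER_WRITABLE) for t in tokens)


# Constructed sample registry content (not from the report), with placeholder
# GUIDs: one stock-looking component, one malicious-looking entry, one disabled.
HKLM = {
    "{11111111-1111-1111-1111-111111111111}": Component(
        "C:\\Windows\\System32\\regsvr32.exe /s /n /i:U shell32.dll", "10,0,19041,0"),
    "{22222222-2222-2222-2222-222222222222}": Component(
        '"%APPDATA%\\svchost.exe"', "9,9,9,9"),
    "{33333333-3333-3333-3333-333333333333}": Component(
        "C:\\Windows\\System32\\rundll32.exe legacy.dll,Setup", "1,0,0,0", is_installed=0),
}
HKCU = {
    "{11111111-1111-1111-1111-111111111111}": Component(version="10,0,19041,0"),
}


def triage(hklm=HKLM, hkcu=HKCU) -> List[Tuple[str, str, bool]]:
    """List what would fire at this user's next logon and whether it looks suspicious."""
    return [(g, s, is_suspicious(s)) for g, s in pending_stubs(hklm, hkcu)]


if __name__ == "__main__":
    for guid, stub, bad in triage():
        print(f"{'SUSPICIOUS' if bad else 'ok        '} {guid} -> {stub}")
```

Two points the model makes visible: a component the user has already "installed" re-fires as soon as the HKLM Version is bumped, so comparing Version values between HKLM and HKCU is as important as looking for new GUIDs; and a StubPath that points into %APPDATA% or another user-writable directory is the usual giveaway, while stock entries under System32 are expected.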
MITRE ATT&CK Enterprise v15

The number after each technique is the count of matched signatures; sub-techniques are indented under their parent technique.

Persistence
  Boot or Logon Autostart Execution (T1547): 3
    Active Setup (T1547.014): 1
    Registry Run Keys / Startup Folder (T1547.001): 2
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1

Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 3
    Active Setup (T1547.014): 1
    Registry Run Keys / Startup Folder (T1547.001): 2
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1

Defense Evasion
  Impair Defenses (T1562): 1
    Disable or Modify System Firewall (T1562.004): 1
  Modify Registry (T1112): 5
  Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1
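Following up the "Writes to the Master Boot Record (MBR)" signature and the Pre-OS Boot: Bootkit mapping above, as an added example that is not part of this report: a Python parser for a raw 512-byte MBR that hashes the boot code, decodes the partition table, and diffs a sector collected from the host against a known-good baseline region by region. Both sectors are constructed inline; the assumptions are that you have a trustworthy baseline for the same disk (for example from a golden image) and that the observed sector was read with administrative rights from the physical device. It checks sector 0 only: bootkits commonly relocate the original MBR to another sector and chain to it, so a clean-looking partition table does not clear the disk, and on UEFI/GPT systems the MBR is only protective and the EFI System Partition is the place to look.

```python
"""
Offline triage of a raw 512-byte MBR, for following up a sandbox hit on
"Writes to the Master Boot Record (MBR)" / Pre-OS Boot: Bootkit.

Classic MBR layout (decimal byte offsets):
  0..439    boot code (what a bootkit replaces so it runs before the OS)
  440..443  disk signature
  444..445  reserved
  446..509  four 16-byte partition entries
  510..511  boot signature 0x55 0xAA
"""
import hashlib
import struct
from typing import Dict, List, Tuple

SECTOR = 512
BOOT_CODE_END = 440
PART_TABLE_OFF = 446
# One partition entry: status, CHS start (skipped), type, CHS end (skipped),
# LBA start, sector count; all little-endian.
ENTRY_FMT = "<B3xB3xII"

REGIONS = {
    "boot_code": (0, BOOT_CODE_END),
    "disk_signature": (440, 444),
    "partition_table": (446, 510),
    "boot_signature": (510, 512),
}


def parse_partitions(sector: bytes) -> List[Dict[str, int]]:
    """Decode the four partition entries; empty (type 0) slots are skipped."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append({"index": i, "status": status, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return parts


def parse_mbr(sector: bytes) -> Dict[str, object]:
    """Summarise one sector: signature, boot-code hash, disk signature, partitions."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": parse_partitions(sector),
    }


def diff_mbr(baseline: bytes, observed: bytes) -> Dict[str, Tuple[int, int]]:
    """Compare a known-good sector with one collected from the host. Returns the
    (first, last) differing byte offset for every region that changed."""
    changed = {}
    for name, (lo, hi) in REGIONS.items():
        diffs = [i for i in range(lo, hi) if baseline[i] != observed[i]]
        if diffs:
            changed[name] = (diffs[0], diffs[-1])
    return changed


def assess(baseline: bytes, observed: bytes) -> str:
    """Turn the region diff into a triage verdict."""
    changed = diff_mbr(baseline, observed)
    if not changed:
        return "unchanged"
    if "boot_code" in changed and "partition_table" not in changed:
        return "boot code replaced, partition table preserved: consistent with a bootkit"
    if set(changed) <= {"partition_table", "disk_signature"}:
        return "only partition table/disk signature changed: repartitioning, not by itself a bootkit indicator"
    return "several regions changed: inspect manually"


def build_sector(boot_code: bytes, disk_sig: int,
                 partitions: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a sector from its parts (used here only to construct sample input)."""
    if len(boot_code) > BOOT_CODE_END or len(partitions) > 4:
        raise ValueError("boot code or partition list too large")
    sec = bytearray(SECTOR)
    sec[:len(boot_code)] = boot_code
    struct.pack_into("<I", sec, 440, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sec, PART_TABLE_OFF + 16 * i, status, ptype, lba, count)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)


# Constructed sample data (not from the report): a baseline with placeholder
# boot code and one bootable NTFS partition, and an "observed" sector whose
# boot code has been overwritten while everything else is untouched.
PARTS = [(0x80, 0x07, 2048, 1048576)]
BASELINE = build_sector(bytes(range(256)) + bytes(range(184)), 0x1234ABCD, PARTS)
OBSERVED = build_sector(b"\xeb\xfe" + b"\x90" * 438, 0x1234ABCD, PARTS)


if __name__ == "__main__":
    print(parse_mbr(OBSERVED)["partitions"])
    print(diff_mbr(BASELINE, OBSERVED))
    print(assess(BASELINE, OBSERVED))
```

The region split is what makes the diff useful: boot-code bytes changing while the partition table and disk signature stay put is the classic bootkit footprint, whereas a change confined to the partition table is what a legitimate repartition looks like, and the boot-code hash gives you a value to compare across hosts built from the same image.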