General
- Target: JaffaCakes118_e5312e0c5aadad43be0d359772b1e728
- Size: 255KB
- Sample: 250211-l4hz3asrgj
- MD5: e5312e0c5aadad43be0d359772b1e728
- SHA1: 7d3472fa87bdb5bb866d6474b61336455cb6cf8b
- SHA256: 805b73793f141dd6ff3d9e86ee210ff8b6ded0800fa2d354802f63adaca86bb6
- SHA512: a94a4e1084e674863c1be3bcabc980483719bdbd7d127c6ee753373861c7dc922e226257bc6e051ffdea1743b72633a761c172fbdb904e80f17d14d9f2e9e3ee
- SSDEEP: 6144:TPe0Cw0vokMsRjkTUC7gcepF41jEh3yKmP:TPCwHk9oTUCkppaEM
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_e5312e0c5aadad43be0d359772b1e728.exe
- Resource: win7-20250207-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_e5312e0c5aadad43be0d359772b1e728.exe
- Resource: win10v2004-20250129-en
Malware Config
Targets
- Target: JaffaCakes118_e5312e0c5aadad43be0d359772b1e728
- Size: 255KB
- MD5: e5312e0c5aadad43be0d359772b1e728
- SHA1: 7d3472fa87bdb5bb866d6474b61336455cb6cf8b
- SHA256: 805b73793f141dd6ff3d9e86ee210ff8b6ded0800fa2d354802f63adaca86bb6
- SHA512: a94a4e1084e674863c1be3bcabc980483719bdbd7d127c6ee753373861c7dc922e226257bc6e051ffdea1743b72633a761c172fbdb904e80f17d14d9f2e9e3ee
- SSDEEP: 6144:TPe0Cw0vokMsRjkTUC7gcepF41jEh3yKmP:TPCwHk9oTUCkppaEM
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)