General
-
Target
JaffaCakes118_e5d95aea644ac952b65c4b84b2b7a7fe
-
Size
672KB
-
Sample
250211-nj9ndsxkas
-
MD5
e5d95aea644ac952b65c4b84b2b7a7fe
-
SHA1
38a6568be65f4d5cc3c26f59301421ad633c6232
-
SHA256
63291e1a912ccb234f004b685b798f8c2c299af1fd83d1f49952d90060d30979
-
SHA512
4614adc6b6c851cfa07c632a144409cb606b2b640413cc48b92dc8b8d0cdd63d304c37b4fbeebe8ffef2dfeff6ac99d12c175aaa0f6b226022bda327c2866515
-
SSDEEP
12288:0gvADZ61MKNkKTxMc1x+cPcfnbF/TiwEOQWe:5AlIJNUxcPqhOw2We
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_e5d95aea644ac952b65c4b84b2b7a7fe.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_e5d95aea644ac952b65c4b84b2b7a7fe.exe
Resource
win10v2004-20250129-en
Malware Config
Targets
-
-
Target
JaffaCakes118_e5d95aea644ac952b65c4b84b2b7a7fe
-
Size
672KB
-
MD5
e5d95aea644ac952b65c4b84b2b7a7fe
-
SHA1
38a6568be65f4d5cc3c26f59301421ad633c6232
-
SHA256
63291e1a912ccb234f004b685b798f8c2c299af1fd83d1f49952d90060d30979
-
SHA512
4614adc6b6c851cfa07c632a144409cb606b2b640413cc48b92dc8b8d0cdd63d304c37b4fbeebe8ffef2dfeff6ac99d12c175aaa0f6b226022bda327c2866515
-
SSDEEP
12288:0gvADZ61MKNkKTxMc1x+cPcfnbF/TiwEOQWe:5AlIJNUxcPqhOw2We
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1