General
-
Target
JaffaCakes118_ec78c36082e9a44c345d79701d135ac4
-
Size
3.4MB
-
Sample
250212-c9bnhaxmdq
-
MD5
ec78c36082e9a44c345d79701d135ac4
-
SHA1
7a04b2dbdac66ffb08bd5a1cc66a051d6d3dc087
-
SHA256
57061cd3e00ea27c740b87818395b451fec61b2f951682574ad2016fbd3a51c1
-
SHA512
29570b7af665a9669f8b76b2c94099733d6986570362026dd22fad31e4986e861bae7cc6f000843a488feff44b3d306757fb73d3141e0557c19fe3995ab69e4e
-
SSDEEP
98304:P+pGI5OMHQWY9NP/xSoNkllffiygwpDiHa3:WpxH7uP/YoN4pigpDiHS
Static task
static1
Behavioral task
behavioral1
Sample
password.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
password.exe
Resource
win10v2004-20250207-en
Malware Config
Targets
-
-
Target
password.exe
-
Size
1.1MB
-
MD5
fdadef5b0ffdb6fb4b92e94b9d5d0d5f
-
SHA1
a240fa366f81ae43749f961e75521451e5278847
-
SHA256
ea149a67bd03ce0925244fc64440de177c267185159bb6c7372598896658da91
-
SHA512
c61a9279bf636305c3a820c941c3bf40ddd0dba9224bdf8812d9c8b0f9277e6de17dd1f629d5ad46b8a81d5f8633af668acf05b0f5cb3c1e7ddb0a25b097fc95
-
SSDEEP
12288:3vTBBV98o0/+/mqruvu3YGLoYpse4reBlQAKxCqS1vpdSqmj2aGhYij5aBlkHk+Y:w0pFlQK/dSq4ra5dPf2XN+U
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Downloads MZ/PE file
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
4