General
- Target: JaffaCakes118_fde5a33d30fab221c1b7ad3b51f8e8b3
- Size: 2.1MB
- Sample: 250216-a1r8sasqcq
- MD5: fde5a33d30fab221c1b7ad3b51f8e8b3
- SHA1: b98bf52a11f32b0f7ae139c7556c6919b01e5b14
- SHA256: 0072936191466179cf9b700e6724da9ddd7f30c7434e93ae3e1eaa7d82108825
- SHA512: b5df71bbfa7c95818e26ca8e64ffb6e1fecf013b247bec03a63fcfc0a69abf7b39282cf948f685d4386eb9b8a1c082ff06a4004fda142a54f2a0f4aa41ec1add
- SSDEEP: 49152:1wj77kwLOJd7foZCIBqF/xwPsq1wKh5xtTxMnu8DUXac:1wf7bLOJKpBIJcsUrxtG/QK
Static task
- static1
Behavioral task
- behavioral1
  Sample: JaffaCakes118_fde5a33d30fab221c1b7ad3b51f8e8b3.exe
  Resource: win7-20240903-en
Behavioral task
- behavioral2
  Sample: JaffaCakes118_fde5a33d30fab221c1b7ad3b51f8e8b3.exe
  Resource: win10v2004-20250211-en
Malware Config
Targets
- Target: JaffaCakes118_fde5a33d30fab221c1b7ad3b51f8e8b3
- Size: 2.1MB
Signatures
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (4)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)