General
- Target: JaffaCakes118_fe509d59957944e228b83996e6e0149b
- Size: 416KB
- Sample: 250216-b3gqhawjfy
- MD5: fe509d59957944e228b83996e6e0149b
- SHA1: 3b1f2a1c52f5f88c84f952a7f3f80a5d819523de
- SHA256: e80776015f965ee8073fbb62b9e9177ed4f6183341f6616049cad119048d6e3e
- SHA512: 059cd57b85d032d7de6d564e5537e7566e9fca5d3b3189d0f64f90c34a2e602a5343edbe11a2fbc20dea1a5ad98336be528888c447fcf4bf6f3a1e76707b2c51
- SSDEEP: 3072:7RvbTPohLTDXXN9E3rRoN+Sb+RURa11gTt3Z3o3H3n3z373gdgePhxza3tjzTiPQ:9f+HncVRUsKdgeQPT8EGAtOclrKf5aA
Static task
- static1
Behavioral task
- behavioral1
  - Sample: JaffaCakes118_fe509d59957944e228b83996e6e0149b.exe
  - Resource: win7-20241010-en
Behavioral task
- behavioral2
  - Sample: JaffaCakes118_fe509d59957944e228b83996e6e0149b.exe
  - Resource: win10v2004-20250207-en
Malware Config
Targets
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Downloads MZ/PE file
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (5)