General
-
Target
JaffaCakes118_fee28ae597ff2a8427e1e0f174d17aef
-
Size
608KB
-
Sample
250216-dkmj5szjdw
-
MD5
fee28ae597ff2a8427e1e0f174d17aef
-
SHA1
91a8aab251732d41d693d8ab49e5d4ded57d62a0
-
SHA256
e88ed5381bc46c4146c719d0c39cfc8824cc5e94ea70e00759fdcd532edcc94e
-
SHA512
eda611e2d1b355b2f5b5ebb450bfe84ea59498da9a2e9f0f686c6f43c8dc70b539bead0702b5c0a650873ce5b3c919acb4085c6a583ac641c4993ce56addc58a
-
SSDEEP
12288:XvbnaX5nRu1Z3A7r/GCj8zvVnXgE6wGIlqeCmS0mowdn:fjahRu1Z3y6VmSGWOmSQ4n
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_fee28ae597ff2a8427e1e0f174d17aef.exe
Resource
win7-20250207-en
Behavioral task
behavioral2
Sample
JaffaCakes118_fee28ae597ff2a8427e1e0f174d17aef.exe
Resource
win10v2004-20250207-en
Malware Config
Targets
-
-
Target
JaffaCakes118_fee28ae597ff2a8427e1e0f174d17aef
-
Size
608KB
-
MD5
fee28ae597ff2a8427e1e0f174d17aef
-
SHA1
91a8aab251732d41d693d8ab49e5d4ded57d62a0
-
SHA256
e88ed5381bc46c4146c719d0c39cfc8824cc5e94ea70e00759fdcd532edcc94e
-
SHA512
eda611e2d1b355b2f5b5ebb450bfe84ea59498da9a2e9f0f686c6f43c8dc70b539bead0702b5c0a650873ce5b3c919acb4085c6a583ac641c4993ce56addc58a
-
SSDEEP
12288:XvbnaX5nRu1Z3A7r/GCj8zvVnXgE6wGIlqeCmS0mowdn:fjahRu1Z3y6VmSGWOmSQ4n
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
5Pre-OS Boot
1Bootkit
1