General
Target: JaffaCakes118_fef4a3cb53cddb18160b23a348cd08bd
Size: 323KB
Sample: 250216-dqplpayqhl
MD5: fef4a3cb53cddb18160b23a348cd08bd
SHA1: 34ba9271b2d20a1b7931d7893f5f99c81c63c6dd
SHA256: 003d5fb8c4898406ed5f7796a8c16915f90e7ab03e2a797bd2844be2a0ed97c7
SHA512: 911086ecfbfb6911264cd02adb7fc32518b58945123a6a13f0a57dddfc659897d636f04b8950b4c75a2c13941e9d4241029fc1c2ca98a5bd79f0ac61a1fb228f
SSDEEP: 6144:EXLWH8s4/qnMRAgWUQQMo0asHOWkeNeDO/3l3LNP37RPK:EXLWH8scAMRAgWB3tHOWkeNeDOP/Pd
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_fef4a3cb53cddb18160b23a348cd08bd.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_fef4a3cb53cddb18160b23a348cd08bd.exe
  Resource: win10v2004-20250207-en
Malware Config
Targets
Target: JaffaCakes118_fef4a3cb53cddb18160b23a348cd08bd
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Downloads MZ/PE file
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Impair Defenses (1): Disable or Modify System Firewall (1)
- Modify Registry (3)