General
Target: JaffaCakes118_ff782b59442e156d78bef67b80b90efa
Size: 1.7MB
Sample: 250216-e56dessmbn
MD5: ff782b59442e156d78bef67b80b90efa
SHA1: 316c5eb33272afee07fe25ab8958de1d381d6380
SHA256: 83425ccfaa33acfceb809ee0913b1d9c974f7bb8acc961ac771fdbf07891cfa4
SHA512: 04937955567e169e97bc809cf88463a8c55b3ed70f7635050b2ce3e5baba4cfd7855e38bf84263cd2c74b8bc3442ff3c44b22faffc15b4f7d55dad831c10f06a
SSDEEP: 49152:UiNFSTDoGAcq489t9vk035ozlFe/Kk+LSHLx7TNyuA:vUm4u5k03mnOxxPdA
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_ff782b59442e156d78bef67b80b90efa.exe
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_ff782b59442e156d78bef67b80b90efa.exe
  Resource: win10v2004-20250211-en
Malware Config
Targets
Target: JaffaCakes118_ff782b59442e156d78bef67b80b90efa
Size: 1.7MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General)
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients.
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (technique: number of matching signatures)
Persistence
  Boot or Logon Autostart Execution: 3
    Active Setup: 1
    Registry Run Keys / Startup Folder: 2
  Create or Modify System Process: 1
    Windows Service: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 3
    Active Setup: 1
    Registry Run Keys / Startup Folder: 2
  Create or Modify System Process: 1
    Windows Service: 1
Defense Evasion
  Impair Defenses: 1
    Disable or Modify System Firewall: 1
  Modify Registry: 5
Credential Access
  Credentials from Password Stores: 1
    Credentials from Web Browsers: 1
  Unsecured Credentials: 1
    Credentials In Files: 1