General
-
Target
JaffaCakes118_ff2fb0280b4408645eb922e172e9781e
-
Size
496KB
-
Sample
250216-edtkjs1nbw
-
MD5
ff2fb0280b4408645eb922e172e9781e
-
SHA1
731bbe6dee64faa686348e15459b0c2620e102c0
-
SHA256
7f135059d5c101f8bf5c9d5f13d46b788fde58195695a7607037ef21926db87b
-
SHA512
dfbc4053d599e99d786ecf7bc266d4202884b78933075d9bab90f2065a39752833009258826bb6d2ad26c172b99b588e0b0242cfe4d9980517e724415affe959
-
SSDEEP
12288:p98bva6OOTChMrM8TjJH/XrOlznR1oMG2PdHIg:p98byWbfTdXi5oMG21H
Behavioral task
behavioral1
Sample
JaffaCakes118_ff2fb0280b4408645eb922e172e9781e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_ff2fb0280b4408645eb922e172e9781e.exe
Resource
win10v2004-20250211-en
Malware Config
Targets
-
Score
10/10
-
Blackshades family
-
Blackshades payload
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-