General
Target: JaffaCakes118_168defe2280e38b4ccfc2c2a8080590c
Size: 536KB
Sample: 250222-cahb1avnc1
MD5: 168defe2280e38b4ccfc2c2a8080590c
SHA1: 3d66f6f630035cfc6dc088cdc255cb5b46a4d1c6
SHA256: c9ddb7eeafbf0192f428d2eb0d6bf0f03d1b8a032bf2520c9c95f24fbb220ef7
SHA512: 764dc81cf181ee344d65ffd3f50899d00f9bc5062f2da835b7b7bc6a86c5d82ee1e0982107ae4c3541d95ec38192cfe07f9772d552d0c1e222483b9e7c914af3
SSDEEP: 12288:X8+x+abo8wrfaovBsjgz1QwtbuWuaoviU82+vVZyy67MI5:j+aLboppOkil6URV
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_168defe2280e38b4ccfc2c2a8080590c.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_168defe2280e38b4ccfc2c2a8080590c.exe
  Resource: win10v2004-20250217-en
Malware Config
(no extracted configuration shown)

Targets
Target: JaffaCakes118_168defe2280e38b4ccfc2c2a8080590c (536KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Blackshades family
- Blackshades payload (Blackshades is a commodity remote access trojan; both behavioral tasks classified the sample as it)
- Modifies firewall policy service (writes to the Windows Firewall policy registry tree under the SharedAccess service)
- Adds Run key to start application (registry Run-key persistence)
- Checks whether UAC is enabled (reads the EnableLUA policy value)
- Drops file in System32 directory
- Suspicious use of SetThreadContext (the call used to redirect a suspended thread's entry point, typical of process hollowing and other code injection)
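The signatures above name generic host artifacts rather than Blackshades-specific indicators, so a responder's first move on a suspect host is to enumerate those locations. The script below is an added triage example, not part of the sandbox report and not the sandbox's own signature logic. It assumes PowerShell 3 or later running as administrator, and the 72-hour "recent" window is an arbitrary assumption to tune; the registry paths are standard Windows locations. It does not cover the SetThreadContext signature, which needs process-level telemetry rather than on-disk artifacts.

```powershell
# Added host-triage script (not from the sandbox report). Checks the locations behind
# the report's signatures: Run keys, services, the SharedAccess FirewallPolicy tree,
# EnableLUA, and recently written unsigned binaries in System32.
# Assumptions: PowerShell 3+, run elevated; -RecentHours is an arbitrary window.
[CmdletBinding()]
param([int]$RecentHours = 72)

$cutoff   = (Get-Date).AddHours(-$RecentHours)
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Category, [string]$Location, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Category = $Category; Location = $Location; Detail = $Detail })
}

# Pull the executable out of a command line (quoted, unquoted, with arguments, or with %VAR%).
function Get-ExeFromCommand([string]$Command) {
    $exe = if ($Command -match '^\s*"([^"]+)"')    { $matches[1] }
           elseif ($Command -match '^\s*(\S+\.exe)') { $matches[1] }
           else                                       { ($Command -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

# A referenced binary is worth a look if it is missing, was written inside the window,
# or carries no valid Authenticode signature.
function Test-SuspiciousBinary([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return $true }
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    return ($item.LastWriteTime -gt $cutoff) -or ($sig.Status -ne 'Valid')
}

# 1. Run keys (T1547.001): "Adds Run key to start application"
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # provider metadata, not a Run value
        $exe = Get-ExeFromCommand ([string]$p.Value)
        if (Test-SuspiciousBinary $exe) { Add-Finding 'RunKey' "$key\$($p.Name)" $p.Value }
    }
}

# 2. Services (T1543.003): "Windows Service"
foreach ($svc in Get-CimInstance Win32_Service) {
    if (-not $svc.PathName) { continue }
    $exe = Get-ExeFromCommand $svc.PathName
    if (Test-SuspiciousBinary $exe) { Add-Finding 'Service' $svc.Name "$($svc.State) $($svc.PathName)" }
}

# 3. Firewall policy (T1562.004): "Modifies firewall policy service"
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $pk = "$fwBase\$profile"
    if (-not (Test-Path $pk)) { continue }
    $enabled = (Get-ItemProperty -Path $pk -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
    if ($enabled -eq 0) { Add-Finding 'Firewall' $pk 'EnableFirewall = 0' }
    $apps = "$pk\AuthorizedApplications\List"       # legacy per-application allow list, where present
    if (Test-Path $apps) {
        foreach ($p in (Get-ItemProperty -Path $apps).PSObject.Properties) {
            if ($p.Name -notlike 'PS*') { Add-Finding 'Firewall' "$apps\$($p.Name)" $p.Value }
        }
    }
}
$fwSvc = Get-Service -Name MpsSvc -ErrorAction SilentlyContinue
if ($fwSvc -and $fwSvc.Status -ne 'Running') { Add-Finding 'Firewall' 'MpsSvc' "service status $($fwSvc.Status)" }

# 4. UAC: "Checks whether UAC is enabled" - record what the sample would have read
$lua = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
        -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
Add-Finding 'UAC' 'EnableLUA' "$lua"

# 5. Recently written, unsigned binaries in System32: "Drops file in System32 directory"
Get-ChildItem -Path "$env:windir\System32\*" -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    ForEach-Object {
        if ((Get-AuthenticodeSignature -FilePath $_.FullName).Status -ne 'Valid') {
            Add-Finding 'System32Drop' $_.FullName $_.LastWriteTime
        }
    }

$findings | Format-Table -AutoSize
```

Run it from an elevated prompt (`.\Triage-Host.ps1 -RecentHours 48`, name assumed). Expect some noise on real hosts: unsigned but legitimate Run entries and third-party services will appear, so treat a hit as a lead to compare against the Run-key, service and System32 details of this report, not as a verdict. Newer firewall rules also live under the `FirewallRules` value list of the same tree; the script only reads the profile switches and the legacy allow list because those are the writes the report's signature describes.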
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001) (1)
  Create or Modify System Process: Windows Service (T1543.003) (1)
Privilege Escalation
  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001) (1)
  Create or Modify System Process: Windows Service (T1543.003) (1)
Defense Evasion
  Impair Defenses: Disable or Modify System Firewall (T1562.004) (1)
  Modify Registry (T1112) (3)