General
-
Target
JaffaCakes118_26ea14c700ae6adceca69166a4bee5b2
-
Size
350KB
-
Sample
250226-szychsvjw9
-
MD5
26ea14c700ae6adceca69166a4bee5b2
-
SHA1
c46939e9ddd512530db471a03f0459f020f79d9c
-
SHA256
19458e47b930a78b047d87b5c776cd153b4c25098a66d10d4ad61e13e1a83994
-
SHA512
ddbff5f8f99d2f58c359c5c606d08c552acbf222acf0193a93969d365aa66db4012ded4e2a1676d95d78d8099ae9d09f1259b3671e432aa2e2a529a32ead0eba
-
SSDEEP
6144:1i843mWf+j/0bTzucNH4Sbz0eYtWg2Z2fbf9to99CWOU+EY6uh:1i8432j/0bTzucnYeh12f7Ly9CWOU+EA
Malware Config
Targets
-
-
Target
JaffaCakes118_26ea14c700ae6adceca69166a4bee5b2
-
Size
350KB
-
MD5
26ea14c700ae6adceca69166a4bee5b2
-
SHA1
c46939e9ddd512530db471a03f0459f020f79d9c
-
SHA256
19458e47b930a78b047d87b5c776cd153b4c25098a66d10d4ad61e13e1a83994
-
SHA512
ddbff5f8f99d2f58c359c5c606d08c552acbf222acf0193a93969d365aa66db4012ded4e2a1676d95d78d8099ae9d09f1259b3671e432aa2e2a529a32ead0eba
-
SSDEEP
6144:1i843mWf+j/0bTzucNH4Sbz0eYtWg2Z2fbf9to99CWOU+EY6uh:1i8432j/0bTzucnYeh12f7Ly9CWOU+EA
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1