General
Target: JaffaCakes118_2d8450a79238e856da8e4a139868ca89
Size: 460KB
Sample: 250227-qp9xfsyqy3
MD5: 2d8450a79238e856da8e4a139868ca89
SHA1: 12c74a2a759225412eacc8c75d32350c98a47bc4
SHA256: 4239f63ad0ddf74cd296c86e9c68dba22c4df3317ba261425a7ed0df764b745a
SHA512: 24ee639d4e61a3b6ecfa382f956273572fdfb658fde86262a028236517d45b70225f61f0023331529b4ae66290412568c3a93a3848a925e275f765598a56170b
SSDEEP: 12288:ObqyxfRJ1vAKkjdGJBVBQT2zMZ/wafeES:oqyxfR3vARjdGsUMZ/vVS
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_2d8450a79238e856da8e4a139868ca89.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_2d8450a79238e856da8e4a139868ca89.exe
  Resource: win10v2004-20250217-en
Malware Config
Targets
Target: JaffaCakes118_2d8450a79238e856da8e4a139868ca89
Blackshades family
Blackshades payload
Modifies firewall policy service
Adds policy Run key to start application
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)