Extracted

• • Target

    JaffaCakes118_3b10f674303668d2d26ed1008afbb1e9

  • Size

    162KB

  • MD5

    3b10f674303668d2d26ed1008afbb1e9

  • SHA1

    7ce065848640f01d1f52ed060d9e7199ff401330

  • SHA256

    53d582f218a2b405c6c64b7c77918ace75b196d36ae861775f930d6622a1977b

  • SHA512

    e9c9dc2af503ee7794d539f072d7a35559f8d5c91aa7556145e02e1072069071642e8704cb771025d054a9f417a47d66b9ebe44880e0e9c73c4bd8f60389df4c

  • SSDEEP

    3072:77qDHFxg3crTFv4MO7F47D4iWw/dqjGdZq:77SXg3wFvvO7i7RjVE

  Score

  10^/10

  blackshadeslatentbotdefense_evasiondiscoverypersistencerattrojanupx

  • Blackshades

    Blackshades is a remote access trojan with various capabilities.

    ratblackshades

  • Blackshades family

    blackshades

  • Blackshades payload

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Modifies firewall policy service

    defense_evasion

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Adds Run key to start application

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2