General
-
Target
JaffaCakes118_3fbc3c6716961175a925ebd0ef0db148
-
Size
220KB
-
Sample
250302-mtltmssqv8
-
MD5
3fbc3c6716961175a925ebd0ef0db148
-
SHA1
b7ef70efa57b2fbd75ed41c6930c24f82eb5026e
-
SHA256
29f9b1f02a050ae7304348b6eade4c4d165cfc9c6d9524d305cd17de6b55a41a
-
SHA512
318a504629228ae1d4260705c27a7d9cb398528ec3e520b499f495cdb85db69050a665bf37b8e52dc5bee1e4f8d3851e372093f07cac9a7f94602be686810778
-
SSDEEP
6144:NtuNgGJQ1NRXfboBxhvSptIM+Eiwi0+sSU4y:3mJQ1DmXvSDosjV
Malware Config
Targets
-
-
Target
JaffaCakes118_3fbc3c6716961175a925ebd0ef0db148
-
Size
220KB
-
MD5
3fbc3c6716961175a925ebd0ef0db148
-
SHA1
b7ef70efa57b2fbd75ed41c6930c24f82eb5026e
-
SHA256
29f9b1f02a050ae7304348b6eade4c4d165cfc9c6d9524d305cd17de6b55a41a
-
SHA512
318a504629228ae1d4260705c27a7d9cb398528ec3e520b499f495cdb85db69050a665bf37b8e52dc5bee1e4f8d3851e372093f07cac9a7f94602be686810778
-
SSDEEP
6144:NtuNgGJQ1NRXfboBxhvSptIM+Eiwi0+sSU4y:3mJQ1DmXvSDosjV
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1