blackshades | 4a198ba14bc25b19e72904912b77e409a75983c052641982e9018f59b4cd1a5c | Triage

Sharing

General

Target

JaffaCakes118_44c92646652f168b572ca558c64cbe18
Size

168KB
Sample

250303-e8fbeaxnt9
MD5

44c92646652f168b572ca558c64cbe18
SHA1

5691143f93535edfd63b3ce9e6c5a9e01f6ba859
SHA256

4a198ba14bc25b19e72904912b77e409a75983c052641982e9018f59b4cd1a5c
SHA512

935766144fefdddb56d68cd0fec958a0c3a3f24a7867ba0f397330dd9db13b671ce64f6300537f9cc271e8809b8e5b294f6adf79d3b9f692d166f8aafd9d0ca6
SSDEEP

3072:QA3APuqyV0S2lwVqgDEIKToCSA3HwhQ79AdJAS/51dW5btz7x/VEAiSY6I64GZ6:nPqA0S2li1Lj4fFS/51dW5jduZ6I63Z6

Score

10^/10

blackshades defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  whatsapp.exe
- Size
  
  456KB
- MD5
  
  163ef3af02c67e5f0412014ab7fd2586
- SHA1
  
  fb4be138b14afd8a45b811bc5a96725cf34a383e
- SHA256
  
  128a0deafd45973bc66de28dc0771ea9c51a0e3b24c2d9ed37569f5f7f905093
- SHA512
  
  f4bcc35f52532283a8046a0c1c4fbabb3239a6cac59da922fef31a0a697edd82cd5b589ef7179381511a7344c1b4939bb7b668a25316c7e3ce7ad5a2b727810d
- SSDEEP
  
  6144:tbIUuRgSqk1l+4Hb4I2HIEi+nPHawj6gwIRlzLzjzB8Q5LlKTWKnHe1yvsaA/:tbHu1+C4Is7zrvzWQ5LlKTWKnHmyvs1
Score

10^/10

defense_evasion discovery persistence
- Modifies firewall policy service
  defense_evasion
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistence

behavioral2

defense_evasiondiscoverypersistence