General
-
Target
JaffaCakes118_4bbe9169963d1d016f69ad287b4119c9
-
Size
524KB
-
Sample
250304-hbcqsssydy
-
MD5
4bbe9169963d1d016f69ad287b4119c9
-
SHA1
6fcfdf40045f39fdc49ae4cb2b7177b5a87bc752
-
SHA256
2157cdf75751321f01486c3a5f35ae0664dec2544738ad5c130457f8d1d4b96e
-
SHA512
5e702e09a760b4e84ed0f8cfb3d2d8b6d71478f010ccca2b1b37e536589558277e74bf82f2a2b2774a4d3d2afd3a8f74d8bc99a9b4f178434edcf1bfc52f2fc6
-
SSDEEP
12288:BGxqtSCKT/R0lFDPbAbxujwIrdkDcxqmeIE1uhi1ASooS8joS:BG8oCcAFDgxIKD9f1IJXf8
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_4bbe9169963d1d016f69ad287b4119c9.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
JaffaCakes118_4bbe9169963d1d016f69ad287b4119c9.exe
Resource
win10v2004-20250217-en
Malware Config
Targets
-
-
Target
JaffaCakes118_4bbe9169963d1d016f69ad287b4119c9
-
Size
524KB
-
MD5
4bbe9169963d1d016f69ad287b4119c9
-
SHA1
6fcfdf40045f39fdc49ae4cb2b7177b5a87bc752
-
SHA256
2157cdf75751321f01486c3a5f35ae0664dec2544738ad5c130457f8d1d4b96e
-
SHA512
5e702e09a760b4e84ed0f8cfb3d2d8b6d71478f010ccca2b1b37e536589558277e74bf82f2a2b2774a4d3d2afd3a8f74d8bc99a9b4f178434edcf1bfc52f2fc6
-
SSDEEP
12288:BGxqtSCKT/R0lFDPbAbxujwIrdkDcxqmeIE1uhi1ASooS8joS:BG8oCcAFDgxIKD9f1IJXf8
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
UAC bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
4