Extracted

• • Target

    JaffaCakes118_569a6624ff3a8485a13a768e86dab123

  • Size

    485KB

  • MD5

    569a6624ff3a8485a13a768e86dab123

  • SHA1

    a67c5e095c2414e1286d8a9de8a1b7ba6e2dd960

  • SHA256

    7ec4f599fb2656812e30116cf0e4f1a69157c57bd3731d9da2601fd64e5306d8

  • SHA512

    0e3e0713eff27d81ffad598a748f907f792ee3aa243a3d60b923cc6e7e9bd4619ffb8bb003e5cb139633034d7299b9dc90fe80e8d0431dd42d2c33df188efa1d

  • SSDEEP

    12288:5eJ8BYYtwbb9n5wC19sQXc0QYvZlJshMd/HOFX:fmYtU9+fUzdsu5

  Score

  10^/10

  blackshadescybergatevítimadefense_evasiondiscoverypersistenceratstealertrojanupx

  • Blackshades

    Blackshades is a remote access trojan with various capabilities.

    ratblackshades

  • Blackshades family

    blackshades

  • Blackshades payload

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Modifies firewall policy service

    defense_evasion

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2