Overview

overview

10

Static

static

3

JaffaCakes...de.exe

windows7-x64

10

JaffaCakes...de.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_60e926d884fe563a2f5fd35b80aa24de

  • Size

    280KB

  • Sample

    250310-xxlcdsvnx4

  • MD5

    60e926d884fe563a2f5fd35b80aa24de

  • SHA1

    3996fda2d941158bb9121cab291a1fe60859a0ef

  • SHA256

    b541276d3cf136aaf5337f5c50ade7d9feb374bb25034342bae9e92052cff983

  • SHA512

    5ba0692854460a884e9ea2a9b81a211192f10cdbfd905c0c1bb9a18a6b45202f62a0b9eb7fa90f7c5ae4eeb8f3ef5c655504c0546d6889bab79df6dbbe72c05c

  • SSDEEP

    6144:hFEcp/l8yosSdtzTeCs5eCBVbxHBBKrXLgKDhQowe/qjR+/1:hF1shmzBhBYtNQoXAa

Score
10/10
blackshadesdefense_evasiondiscoverypersistenceratupx

Malware Config

Targets

    • Target

      JaffaCakes118_60e926d884fe563a2f5fd35b80aa24de

    • Size

      280KB

    • MD5

      60e926d884fe563a2f5fd35b80aa24de

    • SHA1

      3996fda2d941158bb9121cab291a1fe60859a0ef

    • SHA256

      b541276d3cf136aaf5337f5c50ade7d9feb374bb25034342bae9e92052cff983

    • SHA512

      5ba0692854460a884e9ea2a9b81a211192f10cdbfd905c0c1bb9a18a6b45202f62a0b9eb7fa90f7c5ae4eeb8f3ef5c655504c0546d6889bab79df6dbbe72c05c

    • SSDEEP

      6144:hFEcp/l8yosSdtzTeCs5eCBVbxHBBKrXLgKDhQowe/qjR+/1:hF1shmzBhBYtNQoXAa

    Score
    10/10
    blackshadesdefense_evasiondiscoverypersistenceratupx

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

      ratblackshades

    • Blackshades family

      blackshades

    • Blackshades payload

    • Modifies firewall policy service

      defense_evasion

    • Adds policy Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks