General
-
Target
JaffaCakes118_7296fb9d9fa91d45235481a807eb1790
-
Size
620KB
-
Sample
250314-assvcazls2
-
MD5
7296fb9d9fa91d45235481a807eb1790
-
SHA1
676b08100885ae10ce94310fbef3b5065c5c2722
-
SHA256
64e135661d4d5031ed4fd2ebbb588c036dcd8db7620d3393050da7464a3140b4
-
SHA512
57d354d8aeccfd0e737742f51d0acef4d81d7dbc83bf21d27919c4c3f491982e84cc85d34d50e2b780f0362152c74213bd6f01932b8bbaf27e04781b9cce5fbb
-
SSDEEP
6144:texxagiu8c3gaQPohW9dBLHVMAtoXobLlteTZ1kl:8UgiXrqAtoXoXlKk
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_7296fb9d9fa91d45235481a807eb1790.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_7296fb9d9fa91d45235481a807eb1790.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
-
Target
JaffaCakes118_7296fb9d9fa91d45235481a807eb1790
-
Size
620KB
-
MD5
7296fb9d9fa91d45235481a807eb1790
-
SHA1
676b08100885ae10ce94310fbef3b5065c5c2722
-
SHA256
64e135661d4d5031ed4fd2ebbb588c036dcd8db7620d3393050da7464a3140b4
-
SHA512
57d354d8aeccfd0e737742f51d0acef4d81d7dbc83bf21d27919c4c3f491982e84cc85d34d50e2b780f0362152c74213bd6f01932b8bbaf27e04781b9cce5fbb
-
SSDEEP
6144:texxagiu8c3gaQPohW9dBLHVMAtoXobLlteTZ1kl:8UgiXrqAtoXoXlKk
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1