General
- Target: JaffaCakes118_7483b0f397e84146d65270811acaf406
- Size: 499KB
- Sample: 250314-rd357sssdy
- MD5: 7483b0f397e84146d65270811acaf406
- SHA1: 6ec8454dd815d82cd0efc6346aa814b625ae20b5
- SHA256: 6a2c322a94239a463c6c66d19d8525aac5885780d5358d9f3c20ad143a5bce47
- SHA512: 729382817ab74f744473aa2dae27e0ea5480c0299d8471dcc901537f187467ffb003be5436971e19d9a2fa633c0b1affa3e2b7e89edfd3a3d0645a944e338a32
- SSDEEP: 12288:4jYv5Vow6Yv79aZZxQKqA6ldGmNDvXT1w+sh5VV+n5t1Vai9:AwpTI3xQKLqL/vaVV+f1VaK

Static task: static1

Behavioral task: behavioral1
- Sample: JaffaCakes118_7483b0f397e84146d65270811acaf406.exe
- Resource: win7-20241023-en

Behavioral task: behavioral2
- Sample: JaffaCakes118_7483b0f397e84146d65270811acaf406.exe
- Resource: win10v2004-20250314-en
Malware Config

Targets
- Target: JaffaCakes118_7483b0f397e84146d65270811acaf406 (499KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Score: 10/10
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Renames multiple (197) files with added filename extension: this suggests ransomware activity, encrypting all the files on the system.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext