Extracted

• • Target

    JaffaCakes118_7499786545ceaf9e775850eabfaaad9e

  • Size

    234KB

  • MD5

    7499786545ceaf9e775850eabfaaad9e

  • SHA1

    73293429ae2f6a8a8b0eabfbb7c16a2ff84729b1

  • SHA256

    a635871be49522d22ed5ac6ef8ad95a52ea0700ef153880fb1c1f9e51bac8460

  • SHA512

    8865be9d3b7eb4b6127796ce2309b70222d5d9af3c7c7b7b3b9a930f64a8d8dd53ad8345177799f5bcf7b4a8281d4ad136464d4854e82ba6deea0cc6e4fad6d8

  • SSDEEP

    3072:SA7bbWLQDyZ9eCHktK1IOZPaoVVXjP9dA3KGfIyFFQAJoExfWecna5NfDK:SA3+Qm3eCHktKTvVXL9d239QafWeci1

  Score

  10^/10

  blackshadeslatentbotdefense_evasiondiscoverypersistencerattrojanupx

  • Blackshades

    Blackshades is a remote access trojan with various capabilities.

    ratblackshades

  • Blackshades family

    blackshades

  • Blackshades payload

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Modifies firewall policy service

    defense_evasion

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2