General
Target: JaffaCakes118_763a9df96628a5dc526fb6079c42c431
Size: 505KB
Sample: 250315-m9b95sssgs
MD5: 763a9df96628a5dc526fb6079c42c431
SHA1: b17fd9c50241cac770cc8fc9844812a521a197f9
SHA256: bf3b88d9222e23a37ee6e2d5d25b384e05a84956b18753af344a021cde261d83
SHA512: d74158cb1b2b2e64f512b339212ac5e86e0b4b0038b59ef2da8826cb8a0469d187045909ede2336a8941b83f8d8abeb600873092a58a23a41b6c4b00443042ad
SSDEEP: 12288:EOBj4U4RwiiSBZECSllrESCzUXAiPVnHVc9e0I:EOR4RJ08O1ie0I
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_763a9df96628a5dc526fb6079c42c431.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: JaffaCakes118_763a9df96628a5dc526fb6079c42c431.exe
Resource: win10v2004-20250314-en
Malware Config
Targets
Target: JaffaCakes118_763a9df96628a5dc526fb6079c42c431
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)