General
- Target: JaffaCakes118_77d47e54c705ce247be9c990a64bc80b
- Size: 190KB
- Sample: 250315-zcnm5awns7
- MD5: 77d47e54c705ce247be9c990a64bc80b
- SHA1: 1300ee5b33180a8f9ff48924368b49181f617c51
- SHA256: dfb77e1cebb8a3e4b71cdd8ddd9b34c6375b76097df9ccc249ae95670a92d8e2
- SHA512: b17d97516a162f7298a40ef89a87bff8cde4f8f6e5d8939a5e6e4cbf4dc047431bebb8b03d80a16a2c22ed07da787e0d8bbde92cd2e87ab4090767087bd7bba8
- SSDEEP: 3072:maLHwNmVCnVZyfu9u6d0hnTGtgi37uL9YVkkNxj4N4UAYvX3zO6a+paKY:brwmmVCu9hd0hnitn7u6ku1w4UDy6ayY
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_77d47e54c705ce247be9c990a64bc80b.exe
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_77d47e54c705ce247be9c990a64bc80b.exe
- Resource: win10v2004-20250314-en
Malware Config
Targets
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)