General
-
Target
JaffaCakes118_990ed8777d4c5b1cca0e834e26064edc
-
Size
564KB
-
Sample
250330-ye6q2svzcx
-
MD5
990ed8777d4c5b1cca0e834e26064edc
-
SHA1
40d55a6b59cb99671110d3bc207952bbe065ccca
-
SHA256
40260b9b7a793597079cbfa0fb91b5df5977bfda86c4a9368533e704df398767
-
SHA512
1bd39d2ecd057eeca97654fcdc661189f14bd838202348785bf2a73baa51693fcf465f81dc522761777f78cef2dc960f941ed5c9f376c606d1ae098747a5598d
-
SSDEEP
6144:vEaKeYwk2YG7nZ+d+ppPa9btVTV0DiUsRT7yRgIWBdL/APsAOQ50LU6/6Tyruzm1:vEYjnZoy+xViK7yg/Aqu0d6OrnK9g
Malware Config
Targets
-
-
Target
JaffaCakes118_990ed8777d4c5b1cca0e834e26064edc
-
Size
564KB
-
MD5
990ed8777d4c5b1cca0e834e26064edc
-
SHA1
40d55a6b59cb99671110d3bc207952bbe065ccca
-
SHA256
40260b9b7a793597079cbfa0fb91b5df5977bfda86c4a9368533e704df398767
-
SHA512
1bd39d2ecd057eeca97654fcdc661189f14bd838202348785bf2a73baa51693fcf465f81dc522761777f78cef2dc960f941ed5c9f376c606d1ae098747a5598d
-
SSDEEP
6144:vEaKeYwk2YG7nZ+d+ppPa9btVTV0DiUsRT7yRgIWBdL/APsAOQ50LU6/6Tyruzm1:vEYjnZoy+xViK7yg/Aqu0d6OrnK9g
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
5