General
-
Target
JaffaCakes118_9b8c5582e05e4aed3788e7f8f721caef
-
Size
828KB
-
Sample
250406-rfy92aspv4
-
MD5
9b8c5582e05e4aed3788e7f8f721caef
-
SHA1
9d2992244748fcfeeddfe2e152a18022ea41ba93
-
SHA256
1ade18c7c37b4c7bbfa9a3fe55d408ebd3f2274fb55840af42810aeb3546faa0
-
SHA512
6812a474d6d249b29d7ae9535c34bd6539ea95fc6ebc178523788ba3e958f68d6b6361200a597fddba9d5f59f70179298fbe95a8508c4e591a09b54b1dc9b13a
-
SSDEEP
12288:nsZ7XpmA0E+rGRiYjfHBaZOutFxtjEyc+NJGlWXq3t2ApHC6Cw1DTGs5tbz54+:sZbAnXqJX
Malware Config
Targets
-
-
Target
JaffaCakes118_9b8c5582e05e4aed3788e7f8f721caef
-
Size
828KB
-
MD5
9b8c5582e05e4aed3788e7f8f721caef
-
SHA1
9d2992244748fcfeeddfe2e152a18022ea41ba93
-
SHA256
1ade18c7c37b4c7bbfa9a3fe55d408ebd3f2274fb55840af42810aeb3546faa0
-
SHA512
6812a474d6d249b29d7ae9535c34bd6539ea95fc6ebc178523788ba3e958f68d6b6361200a597fddba9d5f59f70179298fbe95a8508c4e591a09b54b1dc9b13a
-
SSDEEP
12288:nsZ7XpmA0E+rGRiYjfHBaZOutFxtjEyc+NJGlWXq3t2ApHC6Cw1DTGs5tbz54+:sZbAnXqJX
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1