Overview

overview

10

Static

static

3

JaffaCakes...d4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_a16cdbb7168342a9a97d7f58adab91d4

  • Size

    614KB

  • Sample

    250408-y1761azrw6

  • MD5

    a16cdbb7168342a9a97d7f58adab91d4

  • SHA1

    46cce2f0b183d35454df17dafff5054339e80a41

  • SHA256

    906bd92d747b7ed6f842a525ea9a19893ff95241571a6f50e57a124f1a3f8e80

  • SHA512

    f5ce6aff9e7ee02d2b8b0b2e95e240bc1af6953839eb40f831b7fee6a3d3184fd0a7c8eea27da3aeb4e57f30e5331b4b380a10d27cb664fae6d936d28ff365ed

  • SSDEEP

    12288:n4rJIcdt4YoJgOfujuDHAlc9EE1bn7Kk9EE1bn7K:nQSc36iROD9EEhn7F9EEhn7

Score
10/10
blackshadesdefense_evasiondiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_a16cdbb7168342a9a97d7f58adab91d4

    • Size

      614KB

    • MD5

      a16cdbb7168342a9a97d7f58adab91d4

    • SHA1

      46cce2f0b183d35454df17dafff5054339e80a41

    • SHA256

      906bd92d747b7ed6f842a525ea9a19893ff95241571a6f50e57a124f1a3f8e80

    • SHA512

      f5ce6aff9e7ee02d2b8b0b2e95e240bc1af6953839eb40f831b7fee6a3d3184fd0a7c8eea27da3aeb4e57f30e5331b4b380a10d27cb664fae6d936d28ff365ed

    • SSDEEP

      12288:n4rJIcdt4YoJgOfujuDHAlc9EE1bn7Kk9EE1bn7K:nQSc36iROD9EEhn7F9EEhn7

    Score
    10/10
    blackshadesdefense_evasiondiscoverypersistencerat

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

      ratblackshades

    • Blackshades family

      blackshades

    • Blackshades payload

    • Modifies firewall policy service

      defense_evasion

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

3
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

Remote System Discovery

1
T1018

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks