General

  • Target

    JaffaCakes118_0ff8d60dff75e7111251d98a5b07ffd7

  • Size

    566KB

  • Sample

    250122-wvydhaylgs

  • MD5

    0ff8d60dff75e7111251d98a5b07ffd7

  • SHA1

    88fcbd8ddada8ad558c204e0fdf5355d6b411210

  • SHA256

    33a1b3990829936f83a1c885b32fc057a18b38f5f2a02e2998c491352d77c834

  • SHA512

    ef9f587a88c3a95fd1cd0d5cbe9821d8b569fd1cb24566313336f3ecbfbebc5ad5c086c7904ff60f9cd53acc02f882360a880173c718b0487ba66053b13e0133

  • SSDEEP

    12288:yaiPdLzy5Cy2Wp5ubPm/4hTTyb+DW/f7yxCP2:y0rQbeQhTub+D6FO

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks