General

  • Target

    JaffaCakes118_10d6f33dadd2e25ea9772cdc9c3bdf64

  • Size

    217KB

  • Sample

    250122-y8akpsvmdm

  • MD5

    10d6f33dadd2e25ea9772cdc9c3bdf64

  • SHA1

    dac73b1e2c78e234ba8d851e8efee78587a701c5

  • SHA256

    84beaae160f41e86812698a472fd1013a303146665d8dec44e94866749d8761b

  • SHA512

    635eca55eaa2e09e7c546a13e90bdba9fa783eb25c723da6ddb6fefa6ceafdc8cac6a7d2ad80593308cbbf49e4bb5998f730a65a99157af40273d55379d52be2

  • SSDEEP

    6144:en7UkW9wK4+GaXQBf05W7t2mb1IDoJlg9TdS4AvqjMEV:en7VW9/LGKQei8mhI04pSj4MO

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks