General

  • Target

    JaffaCakes118_1357727662a385561f2e055d1670934a

  • Size

    719KB

  • Sample

    250123-d3xsts1mfr

  • MD5

    1357727662a385561f2e055d1670934a

  • SHA1

    92be9a6e1ac442eaee2aa288a86886b401748d37

  • SHA256

    2e8a0758a8048e32b738ec03d8a7ab4799f1499c7338d715b10cb08ba4d7a1b4

  • SHA512

    2e691f2d3222d680faee81c2c4d1ea5b45077923af815501cec1c618c002f4253adee2e38f4ef50f1b34860f8bb8862ac4b18a7503f515dc3239f3bfaae36dcd

  • SSDEEP

    12288:kc////q+k9bfaORPAbQN3qIBj8310d2IDu8kegctVdp:kc////qzJaOoQNpBjsCd2IDu3itV

Targets

    • Target

      JaffaCakes118_1357727662a385561f2e055d1670934a

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
