General

  • Target

    JaffaCakes118_13805c03ba7d17f466567829eb298cc2

  • Size

    783KB

  • Sample

    250123-ehebes1lgs

  • MD5

    13805c03ba7d17f466567829eb298cc2

  • SHA1

    29875cc54677ac724222b19b5095e4a3eb220e8a

  • SHA256

    27afc0ad9defd845d58d312b18695ab223fcbab6ccb44d0d7d47aee05fe2fa09

  • SHA512

    1b9070d07938640d967bad81f1b0b1842037b05a0a5166f0a4e3ca481c6b1b344b37da478b15e3c4c06831f63fb550da842af9c04acbe217bf6b174700a3235a

  • SSDEEP

    24576:+PxNy3tUcEzjeSnOFDF18TEPRuzZZVuy:F3z3F1WEPo1ZVu

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Disables RegEdit via registry modification

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks