General

  • Target

    JaffaCakes118_13dc2ed047ecbac6198220690e4c5862

  • Size

    812KB

  • Sample

    250123-fhnqjatkb1

  • MD5

    13dc2ed047ecbac6198220690e4c5862

  • SHA1

    88249d889d5f02361e3e92e90d95f75494c350de

  • SHA256

    39d5ba605db2cc32d23edb6ecbee5156c08b4eef1d85d470b20ccb0fc1cdf094

  • SHA512

    2d98bef8eefbc32ba6ccac2a7009453e3dcc9e54ebc86e5b45fef9348a28a5f650aee7b966f5a517a1de0b57fd06493743c59f6c01b43ea0e65c972d4fffb147

  • SSDEEP

    12288:2SDIS9kIkP4ZtOs1Jh6gO8foecajdL0Rd/xAUjMI0Xfzo86SWFIq5B1AqgaDA:EDIkP4ZtOKJhBFo5ajhS/uVKvJB1pga8

Malware Config

Targets

    • Target

      JaffaCakes118_13dc2ed047ecbac6198220690e4c5862

    • Size

      812KB

    • MD5

      13dc2ed047ecbac6198220690e4c5862

    • SHA1

      88249d889d5f02361e3e92e90d95f75494c350de

    • SHA256

      39d5ba605db2cc32d23edb6ecbee5156c08b4eef1d85d470b20ccb0fc1cdf094

    • SHA512

      2d98bef8eefbc32ba6ccac2a7009453e3dcc9e54ebc86e5b45fef9348a28a5f650aee7b966f5a517a1de0b57fd06493743c59f6c01b43ea0e65c972d4fffb147

    • SSDEEP

      12288:2SDIS9kIkP4ZtOs1Jh6gO8foecajdL0Rd/xAUjMI0Xfzo86SWFIq5B1AqgaDA:EDIkP4ZtOKJhBFo5ajhS/uVKvJB1pga8

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks