General

  • Target

    JaffaCakes118_14558f871b78ecfb5d42bc7565777598

  • Size

    560KB

  • Sample

    250123-gr25yswkex

  • MD5

    14558f871b78ecfb5d42bc7565777598

  • SHA1

    bb947a7b353cb5c27d2e84307f2b778f93ae533e

  • SHA256

    e25af7c87cc0fd1bd780b2c03af5731994c2d90aea8e516e64cf5a8b84f71b70

  • SHA512

    dce1f1feafc84a0ff076147f7b46250125916388365b923a34d6f75a30ecc79333d6386e03fe3ed66a8a75d82cc4c0a14963f276d53a92b0db238e806b969846

  • SSDEEP

    12288:3Sy6Hr8InApopMuG9JWOqfK2un5GHNzD41IDuRBovTAQ2PkiKWy9H4pTH+nq:QL8IA2pIvqdM1IC3ovkKWy9+9

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks