General

  • Target

    JaffaCakes118_15f48a070956148d4a79750fa9ebe221

  • Size

    550KB

  • Sample

    250123-lnnwdavrfj

  • MD5

    15f48a070956148d4a79750fa9ebe221

  • SHA1

    405086bb1faa79c702f49b86c1b6bcd0a0b62c75

  • SHA256

    e0f83b2bde6dd93e70e63141a7508861211ca6c315760f98a9ce29c8aae2fd53

  • SHA512

    47736a93a3bbb4dbdd79d3baaa4fb4057dd620047fef0f2f412fb0dcf3919e5f5c70a494366bd83cc3804dcc9380154777ff9cfed2ca5dac0bf2d41f1d41f497

  • SSDEEP

    6144:X1rFgPgNhAKCeY7/6mlf2odrGuKlzqmNnOHM7aisU0WlQ2LWdAbTvTDLCGjd/GaA:XfYgYPz8j7xOHdisU0WlQ21P+Wd4

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
