General

  • Target

    JaffaCakes118_173ad36c1b1888bd198331b5bee690a7

  • Size

    218KB

  • Sample

    250123-ppvbbszmd1

  • MD5

    173ad36c1b1888bd198331b5bee690a7

  • SHA1

    f8d5bf6ca2da8567909efc96e1373c79e55dd228

  • SHA256

    a8882499c41a558ce6185fc5abf520334a2c10abcebf5398ffd6a601d3085b8c

  • SHA512

    8adbba85ec7f432fae18d6bd6bf84cfbaa075c6959c0084321bf8a7df43608f539c3fa989f070a8edb4ae578bd304ed18df57c4f8e18abdbacd34f9810bb6d2f

  • SSDEEP

    3072:WfUL/ElgcvkJNJbwQcjkgfJYp4wMgnHNKKhjhrNwnRmfafCc82G73v+Y4/SmMBPD:IURkEbwQ8kgfJYptthhwxqcPgvf46L

Targets

    • Target

      JaffaCakes118_173ad36c1b1888bd198331b5bee690a7

    • Size

      218KB

    • MD5

      173ad36c1b1888bd198331b5bee690a7

    • SHA1

      f8d5bf6ca2da8567909efc96e1373c79e55dd228

    • SHA256

      a8882499c41a558ce6185fc5abf520334a2c10abcebf5398ffd6a601d3085b8c

    • SHA512

      8adbba85ec7f432fae18d6bd6bf84cfbaa075c6959c0084321bf8a7df43608f539c3fa989f070a8edb4ae578bd304ed18df57c4f8e18abdbacd34f9810bb6d2f

    • SSDEEP

      3072:WfUL/ElgcvkJNJbwQcjkgfJYp4wMgnHNKKhjhrNwnRmfafCc82G73v+Y4/SmMBPD:IURkEbwQ8kgfJYptthhwxqcPgvf46L

    • Blackshades

      Blackshades is a commercially sold Windows remote access trojan; builds seen in the wild provide keylogging, webcam and screen capture, file transfer and remote command execution. The YARA hits below ("family" and "payload") mean the sample matched Blackshades-specific code and string patterns, not just generic RAT behaviour.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

      Registry writes under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy, where Windows Firewall keeps its per-profile settings and authorized-application list; a RAT typically does this to allow its own inbound or outbound connections.

    • Adds policy Run key to start application

      A value under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (HKCU or HKLM). This key is processed at logon like the ordinary Run key but is often missed by tools that only check the latter.

    • Boot or Logon Autostart Execution: Active Setup (T1547.014)

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine: a new subkey under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components with a StubPath value. The StubPath command runs once per user at the next logon, before the desktop appears.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the final step of process hollowing and thread hijacking: after code is written into a suspended process with WriteProcessMemory, the thread's instruction pointer is redirected to it before ResumeThread. Seen together with "Executes dropped EXE", this indicates the dropped binary is likely a loader that injects the real payload.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (for example one with renamed section names). Static strings and imports from a packed sample are therefore not representative; unpack or dump from memory before string-based analysis.
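An added example (not the sandbox's own code) tying the hash list at the top of the report to the UPX signature: it recomputes the four digests the report lists, compares them with the report's values, and applies the common static UPX heuristics by walking the PE headers to the section table. The PE bytes used for the demonstration are constructed in `build_stub_pe`, so the script runs without the real sample; `REPORT_IOCS` holds the hash values copied from the report, and the `UPX!` magic check is a heuristic that a modified packer may defeat.

```python
"""Offline triage helpers for a sandbox report of a packed sample.

Constructed example: the IOC hashes are copied from the report above; the PE
bytes used for demonstration are built here so nothing real is required.
"""
import hashlib
import struct

# Hashes as listed in the report (lowercase hex).
REPORT_IOCS = {
    "md5": "173ad36c1b1888bd198331b5bee690a7",
    "sha1": "f8d5bf6ca2da8567909efc96e1373c79e55dd228",
    "sha256": "a8882499c41a558ce6185fc5abf520334a2c10abcebf5398ffd6a601d3085b8c",
}

# Section names written by stock UPX; modified builds may rename them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def hash_bytes(data):
    """Return the same four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data, iocs=REPORT_IOCS):
    """Per-algorithm comparison of a file's digests against the report's."""
    digests = hash_bytes(data)
    return {name: digests[name] == value for name, value in iocs.items()}


def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    # COFF header: Machine(2) NumberOfSections(2) ... SizeOfOptionalHeader at +16
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        entry = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        names.append(data[entry:entry + 8].rstrip(b"\x00"))
    return names


def looks_upx_packed(data):
    """UPX heuristic: stock section names, or the 'UPX!' l_info magic that
    UPX writes right after the section table (often survives renaming)."""
    if any(n in UPX_SECTION_NAMES for n in pe_section_names(data)):
        return True
    return b"UPX!" in data[:0x400]


def build_stub_pe(section_names):
    """Constructed minimal PE32 header (no code) for offline testing."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)
    sections = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32
                        for n in section_names)
    return dos + b"PE\x00\x00" + coff + optional + sections


def triage(data):
    """Everything a first look at a dropped file should record."""
    return {"hashes": hash_bytes(data),
            "ioc_match": matches_report(data),
            "upx_packed": looks_upx_packed(data)}


if __name__ == "__main__":
    sample = build_stub_pe([b"UPX0", b"UPX1", b".rsrc"])
    for key, value in triage(sample).items():
        print(key, value)
```

Run against a real file with `triage(open(path, "rb").read())`; a true `ioc_match` on sha256 confirms the file is this report's sample, and a true `upx_packed` is the cue to unpack (or dump the hollowed process) before trusting strings or imports.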

MITRE ATT&CK Enterprise v15