General

  • Target

    JaffaCakes118_184b6f9b0fe138e9fbafbe143878fe32

  • Size

    208KB

  • Sample

    250123-r7zpwasrds

  • MD5

    184b6f9b0fe138e9fbafbe143878fe32

  • SHA1

    51da598b1745f823e620f06a9ad76fbdf2fa92e0

  • SHA256

    39169f2a9603bd0c65ae85654ae6d0ed8217e4c027d435108da3caa23b69117f

  • SHA512

    38ed15783af335a97fdc0bc17249377897f5499b49d197b0a0c2cdad0ddf700b5934cf0877b3e2ccafe3eebd99f9160ff6daceb5b540e7d3f193e4885534dc9e

  • SSDEEP

    3072:VAoLEsqL3XNAx7sih629dl8L6v68ds5AFk5WTrSM3nQo0S8q+q1MdukykVyACM1u:V7OGvh6CHT60POiNQoD8O1DkyIyAgB

Malware Config

Targets

    • Target

      JaffaCakes118_184b6f9b0fe138e9fbafbe143878fe32

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks