General

  • Target

    JaffaCakes118_18959c4d68a36bf3d83faacbecd4a8b4

  • Size

    258KB

  • Sample

    250123-sv8bxstpet

  • MD5

    18959c4d68a36bf3d83faacbecd4a8b4

  • SHA1

    9a47df1228e4fe3937a996d01b11e73f3f572af6

  • SHA256

    f489d28bbaab8cd78e1c572f23e7c59e492855e51b89c7a7dda9391d1f0e7569

  • SHA512

    2fd4edad45ddf5d865d1c6a26a2755ef95302ec03f737bc5b3f3acd2378b79714b40553d4030a4dee059bec5bce93e3b91f7acbb8bdddf35086ca9d8a5ecf740

  • SSDEEP

    6144:DHdDrhYy5i/lLS7JC8b9VYhQ44G44TtcYoXmKP0N0d:DHZ55+E7JJbrYoXmC0i

Malware Config

Targets

    • Target

      JaffaCakes118_18959c4d68a36bf3d83faacbecd4a8b4

    • Size

      258KB

    • MD5

      18959c4d68a36bf3d83faacbecd4a8b4

    • SHA1

      9a47df1228e4fe3937a996d01b11e73f3f572af6

    • SHA256

      f489d28bbaab8cd78e1c572f23e7c59e492855e51b89c7a7dda9391d1f0e7569

    • SHA512

      2fd4edad45ddf5d865d1c6a26a2755ef95302ec03f737bc5b3f3acd2378b79714b40553d4030a4dee059bec5bce93e3b91f7acbb8bdddf35086ca9d8a5ecf740

    • SSDEEP

      6144:DHdDrhYy5i/lLS7JC8b9VYhQ44G44TtcYoXmKP0N0d:DHZ55+E7JJbrYoXmC0i

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks