General

  • Target

    JaffaCakes118_18e46aa49e5a845630ee285803513982

  • Size

    346KB

  • Sample

    250123-tmkrbsvndt

  • MD5

    18e46aa49e5a845630ee285803513982

  • SHA1

    46028820334a95cb150e8b42c5cae11d789e822d

  • SHA256

    d3a9134fe93b1cb6cd6a9591a9d8b59b18ccdf3123fe39d9dc3df16526063f2b

  • SHA512

    96acc14503ee18eba8e086a9901bf0c01b555a280d5ca2ba211f9e63b5794c4e065bd1e1323fae80db34ced94d5ee46a318d87da1c33a6b004ab6f6b6276f623

  • SSDEEP

    6144:bpt8O8KrNaGBqW4RMqPKk9IV6AWszAqS8gPCvkZ6KTiMOa5n1:T8OT8WwMLoIBkt8gaMEKOMRL

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
