General

  • Target

    JaffaCakes118_194991dd664427290b8f959d79349d52

  • Size

    458KB

  • Sample

    250123-vhjtxaxpfr

  • MD5

    194991dd664427290b8f959d79349d52

  • SHA1

    6702d2e3cb2187e643664d40ee6baa157beb3735

  • SHA256

    2b4faab234ac3ca51ba557543e9b89eb9f8286792a829300357649472f95c67d

  • SHA512

    3c7ad81fc671aa8c8541fe5be686942cc5efed8557c9fcdbe1774e6cdb7c63a245537d2c7fa1edae10685bb119717e83817840d39d64b2245f44dbfac42aab4e

  • SSDEEP

    6144:5WRJKx/2Huob35OaAJ4xYRgNTSSEgVDQaEV5/H5p8jLUMJyTfTId2QnlK:5aJKx/2Huo9lY8S915UQ4kzQ

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks