General

  • Target

    JaffaCakes118_1ab4f11e459411903d460b68dd609fa7

  • Size

    251KB

  • Sample

    250123-yv864s1qax

  • MD5

    1ab4f11e459411903d460b68dd609fa7

  • SHA1

    141e1e26b155a590f153095826db476ba92517b0

  • SHA256

    10fc71e8f883ba0c2f2772634a1d6fbe969c46a0865b6d6671e95335bc38d40e

  • SHA512

    bb665a988c2e5ddc2aafc3eaf11825766bd88be52278314f3ceac5e8ff63b9461a561b03d92b374dd3ecf062226557eb3b34d9a191664853b8e4c4f72ea6850d

  • SSDEEP

    3072:HKdzYSNOT57lb2fE5b4av9ckJQrZTmmY57cFJiaOj3+FOCOLs8CVoE1kVJ2YtgzC:Sm7cfKcaZJsTj67cFwCzPXkH2YqPskf

Malware Config

Targets

    • Target

      JaffaCakes118_1ab4f11e459411903d460b68dd609fa7

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks