General

  • Target

    JaffaCakes118_2641bdaf6f3ce17452691f76aba45a6b

  • Size

    931KB

  • Sample

    250124-29xneavpaq

  • MD5

    2641bdaf6f3ce17452691f76aba45a6b

  • SHA1

    12741d6020e3dd516da3ff9b7556149a99171299

  • SHA256

    355a3e27d4d3f74932ad80a473409c74ed6326a63bfd39f0eff3c61962731218

  • SHA512

    1b4bcae8f59475632e88d33f15ebf78936d8f2a5d8c7b5ddde16e92e072a0bebb9d1177ad18981eb0d72d2c10f400f56c0544ea967bce9a1de2fa22e0b2fe9fd

  • SSDEEP

    12288:wpc1ar3iR5D7CD5juTVejcshjBGrcaIqV1mhtUx1wnFQCfUwtSeraTVKI7hvmb1b:w4adVhQAntUXwnNbnX2bV8tSyh7T

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15