General

  • Target

    JaffaCakes118_24deb3d902c7c229bed5feb1ddc63306

  • Size

    138KB

  • Sample

    250124-ykdx8avpey

  • MD5

    24deb3d902c7c229bed5feb1ddc63306

  • SHA1

    af61d128cc3c6959dcdc2b46d0a1458e47031119

  • SHA256

    16a95ed3e7c6546526bf79bd8c8986777470554736a0304e499d242a7857e266

  • SHA512

    564b1ad61549d2ecdea4d1a8b84a2c03743624bc5009e3fddc1c602bac7fc301e01ce62906a25b68d5c496c6c0ace5bb8cee74cb2ac5ba685ee533079af2e236

  • SSDEEP

    3072:+rMI/wBLMzKqpQujnSabibHPR09db1fDP/iUzK2yHmcnpzp:+rbIwzKqpQgn5WbvR09db1fDSIyH3np

Malware Config

Targets

    • Target

      JaffaCakes118_24deb3d902c7c229bed5feb1ddc63306

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

MITRE ATT&CK Enterprise v15

Tasks