General

  • Target

    JaffaCakes118_252be5e1a14cbc9eb0f1cf836122fbd2

  • Size

    768KB

  • Sample

    250124-zamytaylej

  • MD5

    252be5e1a14cbc9eb0f1cf836122fbd2

  • SHA1

    2652ed12bdc89bba7feca0adc3a11000b4dff194

  • SHA256

    4cbf660133be9595b43aa6d2c494b19731edc3a2babee43a2cb86479de5360b6

  • SHA512

    3853c7ed18584d295f8b8914a615c99d36577d58533062251fbef7485737d7211affd5e7e5f3b91cdc31aa4f265af2257e29e9f2e0975687ed81f4f30a5898ea

  • SSDEEP

    12288:Q20DYZM7NAAsruoAwpt6sLhmf9CscdzGaQZGoGuuROsdOcaXeR9iwcz889:vEYapFsruoAwphLc8l0uROitauvi7

Malware Config

Targets

    • Target

      JaffaCakes118_252be5e1a14cbc9eb0f1cf836122fbd2

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks