General

  • Target

    JaffaCakes118_27686311004150fa270b7dfba48c5c05

  • Size

    347KB

  • Sample

    250125-cx2n6aslhk

  • MD5

    27686311004150fa270b7dfba48c5c05

  • SHA1

    54b0744311f03ba9865f2af1c183c55ec2e692b9

  • SHA256

    286d6fcf1f13438cb2ccffa5641b82fe35483706f95a27d9188ede7cf580cdb0

  • SHA512

    8f9861698077f0c13cca2631644cdd02547542b2049959984a1a6fe5517b632ba87d47666d09222068a429c3171b5bde475c70f4288b7836fafe490633286db9

  • SSDEEP

    6144:ft1gGfMmNsQw2rw1jKjZEOP+03sWjh3zdH8GKkT:ft1gGfMmNsQw2rwmZd+/KBp8GKkT

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks