General

  • Target

    JaffaCakes118_27c44f42c12926b6dab7308a587aefc7

  • Size

    712KB

  • Sample

    250125-dxrpmatkav

  • MD5

    27c44f42c12926b6dab7308a587aefc7

  • SHA1

    67f5d018eb065f2d54bd2ab7765fbac086bc5bad

  • SHA256

    4ec4bd21f4f0c29a3ee4e51e4d12c47081d8b46dee302e8c799ea183393929fa

  • SHA512

    8490750b7fcb54d1a97f46e0704175658ee9e71b5cc5427d3af5487387b332c9ec97faadf6aa241fb5a9b0e895b3fd2c215de1d011f4f7fe7d6666aa4e801502

  • SSDEEP

    12288:xSzORJDI1lSKakrnplrtiNNolEzJjyeMInL8UIn98UmbREvVKV0TH8jreUorZqtE:F878cl8I+oYOvVMvjreUH4

Malware Config

Targets

    • Target

      JaffaCakes118_27c44f42c12926b6dab7308a587aefc7

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks