General

  • Target

    JaffaCakes118_288bbd300fd39434ddd6fdc265506add

  • Size

    183KB

  • Sample

    250125-f3e9wsyrgk

  • MD5

    288bbd300fd39434ddd6fdc265506add

  • SHA1

    6e2adb88bfd2d097f76c41ab123b8e6a6d6fb250

  • SHA256

    f0231cdd2c015de8b22974adf8c67977713749b9eec1e97dafe8450bb6e8f7de

  • SHA512

    029c4eb5e9128dfc8b7d7f52ede4fde1b173246dd766f45191fd10243757ca5857e8b5eec72ce162f7f8a3e404b45e8be8f0bb210190a6a23e4a5f6c2e206a66

  • SSDEEP

    3072:E8uSV75J+zulVBD+3181omJnGXzyjV2KjEyVnxyLEeWzPp/Rb3PhvYd+rNl2ofYz:E8uSVHDlVBDNomJGXexTffe2RISsh4H

Malware Config

Targets

    • Target

      JaffaCakes118_288bbd300fd39434ddd6fdc265506add

    • Size

      183KB

    • MD5

      288bbd300fd39434ddd6fdc265506add

    • SHA1

      6e2adb88bfd2d097f76c41ab123b8e6a6d6fb250

    • SHA256

      f0231cdd2c015de8b22974adf8c67977713749b9eec1e97dafe8450bb6e8f7de

    • SHA512

      029c4eb5e9128dfc8b7d7f52ede4fde1b173246dd766f45191fd10243757ca5857e8b5eec72ce162f7f8a3e404b45e8be8f0bb210190a6a23e4a5f6c2e206a66

    • SSDEEP

      3072:E8uSV75J+zulVBD+3181omJnGXzyjV2KjEyVnxyLEeWzPp/Rb3PhvYd+rNl2ofYz:E8uSVHDlVBDNomJGXexTffe2RISsh4H

    • Blackshades

      Blackshades (BlackShades NET) is a commodity remote access trojan whose capabilities include keylogging, remote desktop and webcam capture, file management, and loading further payloads on the infected host.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine: a StubPath value under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\<GUID> is executed by Explorer at the next interactive logon of each user whose HKCU copy of that component is missing or older.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is the step that redirects execution in process hollowing and similar injection techniques; it is rarely used by legitimate software outside debuggers.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build. A modified build may rename the UPX0/UPX1 sections and strip the "UPX!" marker, so matching on those strings alone is unreliable; the section layout (an all-virtual first section followed by a dense, high-entropy one) is the more robust indicator.
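The four registry signatures above (Run key, policy Run key, Active Setup, firewall policy) can be expressed as path patterns over registry SetValue telemetry. The script below is an added example, not the sandbox's own rule set: it runs the patterns over a handful of constructed Sysmon-style records (the "Image= | TargetObject= | Details=" line format, the process path, the GUID and the value names are all assumptions made up for the example) and reports which signature each write trips. The RunMRU and Active Setup "Version" records are included to show that the patterns are value-specific rather than matching any key containing "Run" or "Active Setup".

```python
"""Match registry-write telemetry against the persistence signatures
reported for this sample (Run key, policy Run key, Active Setup StubPath,
Windows Firewall policy). Added example; the log format and paths below are
constructed for illustration and are not the sandbox's output."""

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegistryEvent:
    image: str     # process that wrote the value
    target: str    # full registry path of the value: hive\key\valuename
    details: str   # data written


# (signature name, pattern over the target path). Patterns require the
# backslash after the key name so that e.g. "Explorer\RunMRU\" does not match.
RULES = [
    ("Adds Run key to start application",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)),
    ("Adds policy Run key to start application",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\", re.I)),
    ("Boot or Logon Autostart Execution: Active Setup",
     re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\[^\\]+\\StubPath$", re.I)),
    ("Modifies firewall policy service",
     re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)),
]

# Constructed records in a simplified "Image= | TargetObject= | Details=" shape
# (hypothetical process path and GUID; not real sandbox output).
SAMPLE_LOG = [
    r"Image=C:\Users\victim\AppData\Roaming\winlogon.exe | TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate | Details=C:\Users\victim\AppData\Roaming\winlogon.exe",
    r"Image=C:\Users\victim\AppData\Roaming\winlogon.exe | TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\WinUpdate | Details=C:\Users\victim\AppData\Roaming\winlogon.exe",
    r"Image=C:\Users\victim\AppData\Roaming\winlogon.exe | TargetObject=HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0000-0000-0000-000000000001}\StubPath | Details=C:\Users\victim\AppData\Roaming\winlogon.exe",
    r"Image=C:\Users\victim\AppData\Roaming\winlogon.exe | TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\victim\AppData\Roaming\winlogon.exe | Details=C:\Users\victim\AppData\Roaming\winlogon.exe:*:Enabled:winlogon",
    # Benign noise: Explorer's recent-commands list and a component Version value.
    r"Image=C:\Windows\explorer.exe | TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a | Details=notepad\1",
    r"Image=C:\Windows\System32\msiexec.exe | TargetObject=HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0000-0000-0000-000000000001}\Version | Details=1,0,0,1",
]


def parse_line(line: str) -> RegistryEvent:
    """Split one ' | '-delimited record into its Image/TargetObject/Details fields."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return RegistryEvent(fields["Image"], fields["TargetObject"], fields["Details"])


def match_rules(event: RegistryEvent) -> list:
    """Names of every signature whose pattern matches the written value's path."""
    return [name for name, pattern in RULES if pattern.search(event.target)]


def scan(lines) -> list:
    """Return (signature, event) pairs for all matching records, in log order."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        for name in match_rules(event):
            hits.append((name, event))
    return hits


if __name__ == "__main__":
    for name, event in scan(SAMPLE_LOG):
        print(f"{name}: {event.image} -> {event.target}")
```

On a real host the same patterns apply to Sysmon Event ID 13 (RegistryEvent SetValue) TargetObject fields; the one-process-writes-all-four pattern seen in the constructed records is itself a strong hunting pivot, since legitimate installers touch Active Setup and the firewall policy from separate, signed binaries.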
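To show what the "UPX packed file" signature is looking at, the following added example (not the sandbox's detector and not code from the sample) parses the PE section table directly with `struct` and reports three indicators: UPX0/UPX1 section names, the "UPX!" marker string, and the structural layout of an all-virtual first section followed by a high-entropy one, which still fires when a modified UPX build has renamed the sections. The `build_pe` helper constructs minimal, non-executable PE32 images in memory purely so the detector can be exercised offline; the section sizes and the pseudo-random "packed" payload are constructed for the example.

```python
"""Flag UPX-packed PE files from the section table. Added example: the PE
images are constructed in memory by build_pe() and are not real binaries."""

import hashlib
import math
import struct

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes


def parse_sections(data: bytes) -> list:
    """Return [(name, virtual_size, virtual_addr, raw_size, raw_ptr), ...]."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]     # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]     # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    out = []
    for i in range(nsections):
        f = SECTION_HDR.unpack_from(data, table + i * SECTION_HDR.size)
        name = f[0].rstrip(b"\0").decode("ascii", "replace")
        out.append((name, f[1], f[2], f[3], f[4]))
    return out


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant input)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes) -> list:
    """Reasons the file looks UPX-packed; an empty list means no indicator fired."""
    reasons = []
    secs = parse_sections(data)
    if any(s[0].startswith("UPX") for s in secs):
        reasons.append("UPX0/UPX1 section names")
    if b"UPX!" in data:
        reasons.append("'UPX!' marker present")
    # Survives renaming: first section is all-virtual (SizeOfRawData == 0,
    # VirtualSize > 0) and the next section's raw data is dense.
    if len(secs) >= 2 and secs[0][3] == 0 and secs[0][1] > 0:
        _, _, _, raw_size, raw_ptr = secs[1]
        if entropy(data[raw_ptr:raw_ptr + raw_size]) > 7.0:
            reasons.append("empty first section followed by high-entropy section")
    return reasons


def build_pe(sections) -> bytes:
    """Constructed minimal PE32: DOS header, PE header, section table, raw data.
    sections: [(name_bytes, virtual_size, raw_bytes), ...]."""
    opt_size = 0xE0
    hdr_len = 0x40 + 4 + 20 + opt_size + SECTION_HDR.size * len(sections)
    raw_ptr = (hdr_len + 0x1FF) & ~0x1FF               # 512-byte file alignment
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zero
    table, body, vaddr = b"", b"", 0x1000
    for name, vsize, raw in sections:
        ptr = (raw_ptr + len(body)) if raw else 0
        table += SECTION_HDR.pack(name.ljust(8, b"\0"), vsize, vaddr, len(raw), ptr,
                                  0, 0, 0, 0, 0x60000020)
        body += raw
        vaddr += (max(vsize, len(raw)) + 0xFFF) & ~0xFFF
    return (dos + b"PE\0\0" + coff + opt + table).ljust(raw_ptr, b"\0") + body


# Deterministic high-entropy stand-in for compressed code (constructed).
DENSE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

UPX_SAMPLE = build_pe([(b"UPX0", 0x10000, b""),
                       (b"UPX1", 0x4000, b"UPX!" + DENSE),
                       (b".rsrc", 0x1000, b"\0" * 0x200)])
RENAMED_SAMPLE = build_pe([(b".text", 0x10000, b""),
                           (b".data", 0x4000, DENSE),
                           (b".rsrc", 0x1000, b"\0" * 0x200)])
PLAIN_SAMPLE = build_pe([(b".text", 0x800, b"\xC3" * 0x200),
                         (b".data", 0x200, b"A" * 0x200)])

if __name__ == "__main__":
    for label, image in (("upx", UPX_SAMPLE), ("renamed", RENAMED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, parse_sections(image)[0][0], upx_indicators(image))
```

Run against a real file with `upx_indicators(open(path, "rb").read())`. The name and marker checks are what a string-based YARA rule sees; the layout check is the one worth keeping when triaging samples whose packer has been lightly modified.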

MITRE ATT&CK Enterprise v15

Tasks