General

  • Target

    JaffaCakes118_293ab620a675eb45c627d9302e8ae933

  • Size

    113KB

  • Sample

    250125-htyqzssral

  • MD5

    293ab620a675eb45c627d9302e8ae933

  • SHA1

    f84ddb9fa25b1aaf7dea366426a4349c433b9f7b

  • SHA256

    68b5e3f757ee5ea844898fca3f438f13e8b87daec9a2fd4bed31f32ff023e691

  • SHA512

    ac0fa13601523c5a48a412d33ca0c619739b013930802d98459aa03e6c8635582c73c6b63af97a3a59e898b5716260b239695fa46e9c756bed3a96cb8c0ab986

  • SSDEEP

    3072:IOEY4TjVzg8252TDH+U0p+Cjey9NxOjCzYsKF8t:I1Y4TZg8ZH+U0hj19NxECzYBK

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15
