General

  • Target

    JaffaCakes118_40debe4fcd1a4fa73032db2186f449ae

  • Size

    7.3MB

  • Sample

    250127-slj8qsvngj

  • MD5

    40debe4fcd1a4fa73032db2186f449ae

  • SHA1

    f1f827c6b02f8c7cc43e530e629daf7832e68509

  • SHA256

    382a6307d8d8a44ea40b4d32c8a84da82da38cf09e7337ad437b73c6dda70331

  • SHA512

    dc33a131739e95a94fdc765efbaf1a9eea7da36fe400fb0528fa1ec438e41bd3664ad56586e6d48843c0d3effaebe5dfecf31559dc24179aa7f078a321ba5c8e

  • SSDEEP

    196608:Y/6Zg8f409bI9UWb/MyeYce0CeOey7z1pT:i6GOAh6joHnzT

Malware Config

Targets

    • Target

      JaffaCakes118_40debe4fcd1a4fa73032db2186f449ae

    • Size

      7.3MB

    • MD5

      40debe4fcd1a4fa73032db2186f449ae

    • SHA1

      f1f827c6b02f8c7cc43e530e629daf7832e68509

    • SHA256

      382a6307d8d8a44ea40b4d32c8a84da82da38cf09e7337ad437b73c6dda70331

    • SHA512

      dc33a131739e95a94fdc765efbaf1a9eea7da36fe400fb0528fa1ec438e41bd3664ad56586e6d48843c0d3effaebe5dfecf31559dc24179aa7f078a321ba5c8e

    • SSDEEP

      196608:Y/6Zg8f409bI9UWb/MyeYce0CeOey7z1pT:i6GOAh6joHnzT

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks