General

  • Target

    JaffaCakes118_75c40d884da1a8737cf753f06a112362

  • Size

    548KB

  • Sample

    250201-z266rssnaj

  • MD5

    75c40d884da1a8737cf753f06a112362

  • SHA1

    69475138a4563d3e19020bb0a852f3a1b63ccb17

  • SHA256

    4dc971bc449025613129664f9ca0105d8323ba76cd885f4be7cbf326d44580d6

  • SHA512

    12be8fd22dd123018df11c44bdb4b99bef019ca7801ed4ed590c4be3da071bce885ef83eced0d47cecd08e437b40e62ba0e15426f0c5c553b76a3d726685b07e

  • SSDEEP

    12288:C8zeWo6BiAPJxrBUGI9FUL3FIut5cCrHK6P:CoPo6BFJxlUBUxtOsn

Malware Config

Targets

    • Target

      JaffaCakes118_75c40d884da1a8737cf753f06a112362

    • Blackshades

      Blackshades (BlackShades NET) is a commercially sold remote access trojan. Its known capabilities include remote desktop and shell control, keylogging, webcam capture, file upload and download, and using infected hosts for DDoS.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
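The behaviours listed above map cleanly onto a trace-based detection. The following Python is an added example, not part of this report or of the sandbox's own signature code: it replays a constructed API-call log in a simplified shape and flags each listed behaviour. The event schema, file paths, process IDs, the use of CreateProcessW with CREATE_SUSPENDED before SetThreadContext, and the registry keys used (Control Panel\International for the location check, SharedAccess\Parameters\FirewallPolicy for the firewall policy) are assumptions made for illustration.

```python
"""Added example: score a constructed API-call trace against the behaviours
listed in the sandbox report. Not the report's or the sandbox's own code; the
event shape, paths and registry keys are assumptions for illustration."""
import re

# Constructed trace in a simplified sandbox API-log shape (not real telemetry).
SAMPLE_PATH = r"C:\Users\victim\Downloads\invoice.exe"
DROPPED_EXE = r"C:\Users\victim\AppData\Local\Temp\svchost32.exe"
DROPPED_DLL = r"C:\Users\victim\AppData\Local\Temp\helper.dll"

TRACE = [
    {"api": "NtWriteFile", "proc": SAMPLE_PATH, "path": DROPPED_EXE},
    {"api": "NtWriteFile", "proc": SAMPLE_PATH, "path": DROPPED_DLL},
    # Assumed key for the "computer location settings" lookup
    {"api": "RegQueryValueExW", "proc": SAMPLE_PATH,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    # Child started suspended (flag 0x4), then its thread context rewritten
    {"api": "CreateProcessW", "proc": SAMPLE_PATH, "image": DROPPED_EXE,
     "cmdline": f'"{DROPPED_EXE}"', "flags": 0x4, "pid": 1337},
    {"api": "SetThreadContext", "proc": SAMPLE_PATH, "target_pid": 1337},
    {"api": "LoadLibraryW", "proc": DROPPED_EXE, "path": DROPPED_DLL},
    {"api": "RegSetValueExW", "proc": DROPPED_EXE,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "WinUpdate", "data": DROPPED_EXE},
    {"api": "RegSetValueExW", "proc": DROPPED_EXE,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
            r"\FirewallPolicy\StandardProfile",
     "value": "EnableFirewall", "data": 0},
    # Self-deletion via a delayed "del" of the original sample path
    {"api": "CreateProcessW", "proc": SAMPLE_PATH,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": f'cmd.exe /c ping 127.0.0.1 -n 3 & del "{SAMPLE_PATH}"',
     "flags": 0, "pid": 1400},
]

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
FIREWALL_RE = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
GEO_RE = re.compile(r"\\Control Panel\\International(\\|$)", re.I)
CREATE_SUSPENDED = 0x4


def score_trace(trace, sample_path):
    """Return {signature_name: evidence} for each behaviour seen in the trace.

    Files written during the run are tracked so that later execution or
    loading of those same paths counts as 'dropped' EXE/DLL activity.
    """
    hits = {}
    dropped = set()      # lower-cased paths the sample wrote
    suspended = set()    # PIDs created with CREATE_SUSPENDED
    own = sample_path.lower()
    for ev in trace:
        api = ev["api"]
        if api == "NtWriteFile":
            dropped.add(ev["path"].lower())
        elif api == "CreateProcessW":
            if ev["image"].lower() in dropped:
                hits["Executes dropped EXE"] = ev["image"]
            if ev["flags"] & CREATE_SUSPENDED:
                suspended.add(ev["pid"])
            cmd = ev["cmdline"]
            if re.search(r"\bdel\b", cmd, re.I) and own in cmd.lower():
                hits["Deletes itself"] = cmd
        elif api == "SetThreadContext":
            # Rewriting a suspended child's context is the classic hollowing step
            if ev["target_pid"] in suspended:
                hits["Suspicious use of SetThreadContext"] = f"pid {ev['target_pid']}"
        elif api == "LoadLibraryW":
            if ev["path"].lower() in dropped:
                hits["Loads dropped DLL"] = ev["path"]
        elif api == "RegSetValueExW":
            key, evidence = ev["key"], f"{ev['key']}\\{ev['value']} = {ev['data']}"
            if RUN_KEY_RE.search(key):
                hits["Adds Run key to start application"] = evidence
            elif FIREWALL_RE.search(key):
                hits["Modifies firewall policy service"] = evidence
        elif api == "RegQueryValueExW":
            if GEO_RE.search(ev["key"]):
                hits["Checks computer location settings"] = f"{ev['key']}\\{ev['value']}"
    return hits


if __name__ == "__main__":
    for name, evidence in score_trace(TRACE, SAMPLE_PATH).items():
        print(f"[+] {name}: {evidence}")
```

The write-then-execute correlation is what turns a plain "process created" event into "executes dropped EXE"; a single-event rule on the image path would miss a dropper that reuses a legitimate-looking filename.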

MITRE ATT&CK Enterprise v15

Tasks