General

  • Target

    JaffaCakes118_7a5638f59a7e82885cb7ef6b59658ed3

  • Size

    764KB

  • Sample

    250202-h34cts1naw

  • MD5

    7a5638f59a7e82885cb7ef6b59658ed3

  • SHA1

    9623e557e6604c14d849ceedcf6d33856036324f

  • SHA256

    1089a2ba7976d42895bd819f74a8aab0c24936bfe8fc3ca737923c4464318fd5

  • SHA512

    399a8d6fae5f20bda56883a25c1c0741a222ac31dfde33e7184055d94893f9b5bef84297196e39d2b418d5411c7f49c1e230c76fe6dd42750cbe933e6854a92d

  • SSDEEP

    12288:0yv5CmRjt3tgYBq2MS8uO/EtH/rBFin7lNw5LIjIRNoFlWQ:FQmRlt/q2MS2QGn7lNYJNDQ

Malware Config

Targets

    • Target

      JaffaCakes118_7a5638f59a7e82885cb7ef6b59658ed3

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks