General

  • Target

    JaffaCakes118_7c208fca01c68860acc59c17ba581947

  • Size

    850KB

  • Sample

    250202-mzw7kazqgm

  • MD5

    7c208fca01c68860acc59c17ba581947

  • SHA1

    186d983264057c89d6b54fbce471b1f3c972ad1f

  • SHA256

    33bcad2e57bba0cde232d9938aefc803ed846eb1fac1030dc8429d99d0abcf31

  • SHA512

    31961a442b6c1473494c677cebc62d5b5f26e609fb3cdbdf7460b9cb03e1dcd7481526154cc5b1f1ddf9ef071bf715398584bb58f4d0e846621aaca42afe536f

  • SSDEEP

    12288:5aWzgMg7v3qnCiMErQohh0F4CCJ8lny/QiC5x602XkkoC3/3q:YaHMv6Corjqny/QC0kkkoAa

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15