General
Target: JaffaCakes118_7d88f1dc07795ebf10f9cb025c26df1c
Size: 808KB
Sample: 250202-rcca4awrcn
MD5: 7d88f1dc07795ebf10f9cb025c26df1c
SHA1: 8b40bac4815a1f423bfb7392f3cd829d19a57425
SHA256: 6099d3db49deb0b3e10f6ec70b77890facf037312ad54c3a5d279d7837ab3342
SHA512: 9c8a0be31083ed5a0732b1ab5dd168dfd9b73d7939f78afba7827462863b1d2c3a8bf610927b30186a44957cd96129ca7c11e0f5a652084c53e36f8b8b2cb37e
SSDEEP: 12288:RaTD5Z1TJnOKbSezj36YL/watEp1RMMTV+eFiGUCHF32:y5ZNJdbFfK6/lEpLTF9l

Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_7d88f1dc07795ebf10f9cb025c26df1c.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_7d88f1dc07795ebf10f9cb025c26df1c.exe
  Resource: win10v2004-20250129-en
Malware Config

Targets
Target: JaffaCakes118_7d88f1dc07795ebf10f9cb025c26df1c (808KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15 (counts in parentheses are the report's per-technique hit counts)
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (5)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)