General

  • Target

    JaffaCakes118_7eb3b378eb8cb877b2f2be667ee32edf

  • Size

    510KB

  • Sample

    250202-t2q7nazmax

  • MD5

    7eb3b378eb8cb877b2f2be667ee32edf

  • SHA1

    1f25b565a1042d662bf6504c2f0849b90fefafaa

  • SHA256

    4667cc1c606bb2190a7cd13810a38b318141457a60b2d6d4f83f49dfe5bda6a2

  • SHA512

    99fe455b1ed284bb4d9ac4ba8743dab7b3c73521fe14180691785a19ca72dc4cf19de41b692c6cc3c02a862538bb711f5c980793af8f6d51b4ad4b3e20356d2a

  • SSDEEP

    12288:hXsytFlbZkXuVHOlH3k3C3Nz0CVhL8jQrSQ/qmp:lsytFlWeVu1k3CtVaDQ/B

Malware Config

Targets

    • Target

      JaffaCakes118_7eb3b378eb8cb877b2f2be667ee32edf

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks