General

  • Target

    JaffaCakes118_7fccbe64ede5d90dd4b6c0f0459f6a8f

  • Size

    360KB

  • Sample

    250202-xjwafawrbm

  • MD5

    7fccbe64ede5d90dd4b6c0f0459f6a8f

  • SHA1

    1f3b2bf7f19c130c7a49b8944ff11e1f2a4b1b08

  • SHA256

    05dfdfd9d2a590ace577febbb76a1039f766596c72e0c6450772566f49359480

  • SHA512

    9e6e8265d385c5d675fc4d5e6bcbcf02fea183f98b149923744562c5578cbaa72c0acb8c1a4dc4baa80e475c54994c8c03fe2ea8cb9a30016132f1ac7e19061d

  • SSDEEP

    6144:K9IzIbz3RT9eg/5R2MaMCorVUnp6f4GbB0C13uSQrwc0cBLBsK5p09YDH2lSXyH:KSYREg2VMCK0p6fBiC13bQrNbs+p09OQ

Malware Config

Targets

    • Target

      JaffaCakes118_7fccbe64ede5d90dd4b6c0f0459f6a8f

    • Blackshades

      Blackshades (Blackshades NET) is a commercially sold Windows remote access trojan. Reported capabilities include keystroke logging, webcam and screen capture, file theft, download-and-execute of further payloads and spreading via removable media.

    • Blackshades family

      The sample matched the static or behavioral rules for the Blackshades family.

    • Blackshades payload

      A Blackshades payload was identified, either in the file itself or in memory during execution.

    • Modifies firewall policy service

      Writes under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy, the registry store for Windows Firewall profile settings. Malware edits it to disable the firewall or to add an exception for the implant.

    • Drops startup file

      Writes a file into a Startup folder, so the dropped file runs at every logon (persistence).

    • Uses the VBS compiler for execution

      Launches vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework. It is a signed Microsoft binary, which makes it an attractive host for injected code.

    • Suspicious use of SetThreadContext

      A thread context was rewritten in another process. Combined with the vbc.exe launch above, this is consistent with process hollowing (RunPE) of the real payload into a suspended vbc.exe, a pattern common to .NET crypters wrapping Blackshades; confirm by dumping the memory of the vbc.exe process rather than trusting its on-disk image.
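
The three host-observable behaviours above (vbc.exe spawned by something other than a build tool, a write to the FirewallPolicy key, a file dropped into a Startup folder) can be re-checked in endpoint telemetry. The following is an added example, not code from the report or the sandbox: it runs simple triage rules over a handful of constructed Sysmon-style events (process create, registry set, file create). The event layout, the allow-list of expected vbc.exe parents and the ATT&CK technique labels are this example's own assumptions, not the report's ATT&CK mapping.

```python
"""Triage rules for the behaviours in the report, run over constructed Sysmon-style events."""
import ntpath

# Constructed events (illustrative only; not the sandbox run's trace).
# id 1 = process create, id 11 = file create, id 13 = registry value set.
SAMPLE_EVENTS = [
    {"id": 1,
     "image": r"C:\Users\victim\Desktop\JaffaCakes118_7fccbe64ede5d90dd4b6c0f0459f6a8f.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"id": 1,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent": r"C:\Users\victim\Desktop\JaffaCakes118_7fccbe64ede5d90dd4b6c0f0459f6a8f.exe"},
    {"id": 13,
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
               r"\FirewallPolicy\StandardProfile\EnableFirewall",
     "details": "DWORD (0x00000000)"},
    {"id": 11,
     "target": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows"
               r"\Start Menu\Programs\Startup\winupd.exe"},
    # Benign noise: vbc.exe launched by MSBuild, and an ordinary temp file.
    {"id": 1,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent": r"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community"
               r"\MSBuild\Current\Bin\MSBuild.exe"},
    {"id": 11, "target": r"C:\Users\victim\AppData\Local\Temp\tmp1234.tmp"},
]

# Parents that legitimately launch the VB.NET compiler (assumed allow-list).
EXPECTED_VBC_PARENTS = {"msbuild.exe", "devenv.exe", "aspnet_compiler.exe", "w3wp.exe"}
FIREWALL_POLICY_KEY = r"\services\sharedaccess\parameters\firewallpolicy"
STARTUP_DIR = r"\start menu\programs\startup\\"[:-1]  # keep a single trailing backslash


def _base(path):
    """Lower-cased file name of a Windows path (ntpath works on any host OS)."""
    return ntpath.basename(path).lower()


def vbc_from_unexpected_parent(ev):
    """vbc.exe started by anything other than a known build tool."""
    if ev["id"] == 1 and _base(ev["image"]) == "vbc.exe":
        if _base(ev["parent"]) not in EXPECTED_VBC_PARENTS:
            return f"{ev['parent']} -> vbc.exe"
    return None


def modifies_firewall_policy(ev):
    """Registry write under the Windows Firewall policy key."""
    if ev["id"] == 13 and FIREWALL_POLICY_KEY in ev["target"].lower():
        return f"{ev['target']} = {ev.get('details', '')}"
    return None


def drops_startup_file(ev):
    """File created inside a Start Menu\\Programs\\Startup folder."""
    if ev["id"] == 11 and STARTUP_DIR in ev["target"].lower():
        return ev["target"]
    return None


# (signature name from the report, ATT&CK technique chosen for this example, rule)
RULES = [
    ("Uses the VBS compiler for execution", "T1055.012", vbc_from_unexpected_parent),
    ("Modifies firewall policy service", "T1562.004", modifies_firewall_policy),
    ("Drops startup file", "T1547.001", drops_startup_file),
]


def triage(events):
    """Return {signature: {"technique": ..., "evidence": [...]}} for every rule that fired."""
    hits = {}
    for name, technique, rule in RULES:
        for ev in events:
            evidence = rule(ev)
            if evidence:
                hits.setdefault(name, {"technique": technique, "evidence": []})
                hits[name]["evidence"].append(evidence)
    return hits


if __name__ == "__main__":
    for name, hit in triage(SAMPLE_EVENTS).items():
        print(f"[{hit['technique']}] {name}")
        for line in hit["evidence"]:
            print("    ", line)
```

The MSBuild-spawned vbc.exe and the temp file deliberately do not fire, which is the point of the parent allow-list and the exact Startup path match: the signal is vbc.exe under a user-land parent, not vbc.exe itself. Once the rule fires, the next step is a memory dump of that vbc.exe process, since the hollowed image on disk is clean.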

MITRE ATT&CK Enterprise v15

Tasks