General

  • Target

    JaffaCakes118_cb0aa6e1a46b8d760facadf30393f5ce

  • Size

    588KB

  • Sample

    250209-erq2kswngk

  • MD5

    cb0aa6e1a46b8d760facadf30393f5ce

  • SHA1

    37b61938fb673a6bdc7734609f2847ced55f7b23

  • SHA256

    0bf7c0310a606982acf055cf3638647d84a4489168474216ff8850d1a0bc126e

  • SHA512

    adbe3c60b00a450406817af4af969f36d14b14f5e65eb531f08299afe3c351000d3ee01e9e709431173b4f89b93c3d02d7e108268a546c399933ff11144053b5

  • SSDEEP

    12288:g329NY7AAu6wpBXnd6yiwygqB5KFM8jT1eBBsPTkWiX5adQ2dV:g32XYnw7IyiBuDpeBtWUcdQ

Malware Config

Targets

    • Target

      JaffaCakes118_cb0aa6e1a46b8d760facadf30393f5ce

    • Size

      588KB

    • MD5

      cb0aa6e1a46b8d760facadf30393f5ce

    • SHA1

      37b61938fb673a6bdc7734609f2847ced55f7b23

    • SHA256

      0bf7c0310a606982acf055cf3638647d84a4489168474216ff8850d1a0bc126e

    • SHA512

      adbe3c60b00a450406817af4af969f36d14b14f5e65eb531f08299afe3c351000d3ee01e9e709431173b4f89b93c3d02d7e108268a546c399933ff11144053b5

    • SSDEEP

      12288:g329NY7AAu6wpBXnd6yiwygqB5KFM8jT1eBBsPTkWiX5adQ2dV:g32XYnw7IyiBuDpeBtWUcdQ

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks