General

  • Target

    JaffaCakes118_e5312e0c5aadad43be0d359772b1e728

  • Size

    255KB

  • Sample

    250211-l4hz3asrgj

  • MD5

    e5312e0c5aadad43be0d359772b1e728

  • SHA1

    7d3472fa87bdb5bb866d6474b61336455cb6cf8b

  • SHA256

    805b73793f141dd6ff3d9e86ee210ff8b6ded0800fa2d354802f63adaca86bb6

  • SHA512

    a94a4e1084e674863c1be3bcabc980483719bdbd7d127c6ee753373861c7dc922e226257bc6e051ffdea1743b72633a761c172fbdb904e80f17d14d9f2e9e3ee

  • SSDEEP

    6144:TPe0Cw0vokMsRjkTUC7gcepF41jEh3yKmP:TPCwHk9oTUCkppaEM

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks