General

  • Target

    JaffaCakes118_e5d95aea644ac952b65c4b84b2b7a7fe

  • Size

    672KB

  • Sample

    250211-nj9ndsxkas

  • MD5

    e5d95aea644ac952b65c4b84b2b7a7fe

  • SHA1

    38a6568be65f4d5cc3c26f59301421ad633c6232

  • SHA256

    63291e1a912ccb234f004b685b798f8c2c299af1fd83d1f49952d90060d30979

  • SHA512

    4614adc6b6c851cfa07c632a144409cb606b2b640413cc48b92dc8b8d0cdd63d304c37b4fbeebe8ffef2dfeff6ac99d12c175aaa0f6b226022bda327c2866515

  • SSDEEP

    12288:0gvADZ61MKNkKTxMc1x+cPcfnbF/TiwEOQWe:5AlIJNUxcPqhOw2We

Malware Config

Targets

    • Target

      JaffaCakes118_e5d95aea644ac952b65c4b84b2b7a7fe

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks