General

  • Target

    JaffaCakes118_e67dc58e2a1221cc1ca02c4033f3f536

  • Size

    531KB

  • Sample

    250211-p2s9ss1ndk

  • MD5

    e67dc58e2a1221cc1ca02c4033f3f536

  • SHA1

    d4d7ddc1d2df64deb5887104aaa07ee803b0c42f

  • SHA256

    0034adaefa4ec8ad384b72e4d5d0766c49f3aabe94d06c3309b0b1618729a06f

  • SHA512

    ecd88832935e027fb2fb9d3047ed3c76a190e5d7364007a4f7b6f4c7f315898bed2b456cd8b4ae1d2fe2cf74ceff65266337c902f50599eb08a0db95a8ae0616

  • SSDEEP

    12288:9mucTg1VKdxsxgw6eufZfg55YZ0a7H1AxyQsZL:gu4Sgxs6w6eqo/s9hAxyDZL

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
