General

  • Target

    JaffaCakes118_e8533f00c91e7a8b22eb9fb731c92d24

  • Size

    498KB

  • Sample

    250211-t9d73atjal

  • MD5

    e8533f00c91e7a8b22eb9fb731c92d24

  • SHA1

    fc43489fed3c45d8762f7e95ed2ba5044c505d36

  • SHA256

    11590510fb5da1bc1c0daad0b97ebd1bb030ec732c5bd8e730df740761e0eb93

  • SHA512

    386c3a313d60c4d6c9b3ec7034f6c15f64c04b48c5786fb6c6d2bdc947a672ddb78c1df8be55cce2f5b8a42205af68e6cd12feaac12ba91b01e7d0acbe29341e

  • SSDEEP

    12288:yFgMieKl9n/vHnDWxFychC7/gpFofbi/:yce6t/PDVLi

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
