General

  • Target

    JaffaCakes118_ec78c36082e9a44c345d79701d135ac4

  • Size

    3.4MB

  • Sample

    250212-c9bnhaxmdq

  • MD5

    ec78c36082e9a44c345d79701d135ac4

  • SHA1

    7a04b2dbdac66ffb08bd5a1cc66a051d6d3dc087

  • SHA256

    57061cd3e00ea27c740b87818395b451fec61b2f951682574ad2016fbd3a51c1

  • SHA512

    29570b7af665a9669f8b76b2c94099733d6986570362026dd22fad31e4986e861bae7cc6f000843a488feff44b3d306757fb73d3141e0557c19fe3995ab69e4e

  • SSDEEP

    98304:P+pGI5OMHQWY9NP/xSoNkllffiygwpDiHa3:WpxH7uP/YoN4pigpDiHS

Malware Config

Targets

    • Target

      password.exe

    • Size

      1.1MB

    • MD5

      fdadef5b0ffdb6fb4b92e94b9d5d0d5f

    • SHA1

      a240fa366f81ae43749f961e75521451e5278847

    • SHA256

      ea149a67bd03ce0925244fc64440de177c267185159bb6c7372598896658da91

    • SHA512

      c61a9279bf636305c3a820c941c3bf40ddd0dba9224bdf8812d9c8b0f9277e6de17dd1f629d5ad46b8a81d5f8633af668acf05b0f5cb3c1e7ddb0a25b097fc95

    • SSDEEP

      12288:3vTBBV98o0/+/mqruvu3YGLoYpse4reBlQAKxCqS1vpdSqmj2aGhYij5aBlkHk+Y:w0pFlQK/dSq4ra5dPf2XN+U

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Downloads MZ/PE file

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks