General

  • Target

    JaffaCakes118_fde5a33d30fab221c1b7ad3b51f8e8b3

  • Size

    2.1MB

  • Sample

    250216-a1r8sasqcq

  • MD5

    fde5a33d30fab221c1b7ad3b51f8e8b3

  • SHA1

    b98bf52a11f32b0f7ae139c7556c6919b01e5b14

  • SHA256

    0072936191466179cf9b700e6724da9ddd7f30c7434e93ae3e1eaa7d82108825

  • SHA512

    b5df71bbfa7c95818e26ca8e64ffb6e1fecf013b247bec03a63fcfc0a69abf7b39282cf948f685d4386eb9b8a1c082ff06a4004fda142a54f2a0f4aa41ec1add

  • SSDEEP

    49152:1wj77kwLOJd7foZCIBqF/xwPsq1wKh5xtTxMnu8DUXac:1wf7bLOJKpBIJcsUrxtG/QK

Malware Config

Targets

    • Target

      JaffaCakes118_fde5a33d30fab221c1b7ad3b51f8e8b3

    • Size

      2.1MB

    • MD5

      fde5a33d30fab221c1b7ad3b51f8e8b3

    • SHA1

      b98bf52a11f32b0f7ae139c7556c6919b01e5b14

    • SHA256

      0072936191466179cf9b700e6724da9ddd7f30c7434e93ae3e1eaa7d82108825

    • SHA512

      b5df71bbfa7c95818e26ca8e64ffb6e1fecf013b247bec03a63fcfc0a69abf7b39282cf948f685d4386eb9b8a1c082ff06a4004fda142a54f2a0f4aa41ec1add

    • SSDEEP

      49152:1wj77kwLOJd7foZCIBqF/xwPsq1wKh5xtTxMnu8DUXac:1wf7bLOJKpBIJcsUrxtG/QK

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks