General

  • Target: JaffaCakes118_fdcc2a7360a45b754b139a810e2260b2
  • Size: 466KB
  • Sample: 250216-ap7jbsslaj
  • MD5: fdcc2a7360a45b754b139a810e2260b2
  • SHA1: 7413b779f3a0a0bab0de8426a86c046033bcfbe1
  • SHA256: d77827115e9d64b161ae016e418277415386f44727ff45674f663108479d8241
  • SHA512: 4ce081f831e98e12ef4f59dc536f12b8561f0e23b5ed5f7c7322fafab6adc291d657eeb3b74048eded2dfb379ac6e824e471d64d1b7ff747c419470a50476e0a
  • SSDEEP: 6144:jJfcnFYFde4wl9wUw4ODQ5i/0pfyVyZvV0jfpR5FZdNkBLGenICEfyIiFcaby7oG:WJK0pa+sKBwiGaby7aq

Malware Config

Targets

    • Blackshades: Blackshades is a remote access trojan with various capabilities.
    • Blackshades family
    • Blackshades payload
    • Modifies firewall policy service
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks