General

  • Target

    JaffaCakes118_fe509d59957944e228b83996e6e0149b

  • Size

    416KB

  • Sample

    250216-b3gqhawjfy

  • MD5

    fe509d59957944e228b83996e6e0149b

  • SHA1

    3b1f2a1c52f5f88c84f952a7f3f80a5d819523de

  • SHA256

    e80776015f965ee8073fbb62b9e9177ed4f6183341f6616049cad119048d6e3e

  • SHA512

    059cd57b85d032d7de6d564e5537e7566e9fca5d3b3189d0f64f90c34a2e602a5343edbe11a2fbc20dea1a5ad98336be528888c447fcf4bf6f3a1e76707b2c51

  • SSDEEP

    3072:7RvbTPohLTDXXN9E3rRoN+Sb+RURa11gTt3Z3o3H3n3z373gdgePhxza3tjzTiPQ:9f+HncVRUsKdgeQPT8EGAtOclrKf5aA

Malware Config

Targets

    • Target

      JaffaCakes118_fe509d59957944e228b83996e6e0149b

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key under the Active Setup Installed Components of the local machine; the component's StubPath command is executed at each user's next interactive logon.

    • Downloads MZ/PE file

    • Adds Run key to start application

    • Maps connected drives based on registry

      Reading drive and disk information from the registry is a common check for sandbox or virtual-machine environments, which tend to expose small or generic disk layouts.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is the classic process-hollowing step: the main thread of a suspended process is pointed at injected code before it is resumed.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
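The persistence and firewall signatures above (Run key, policy Run key, Active Setup, firewall policy) all surface as registry value writes, so they can be recovered from endpoint telemetry after the fact. As an added example that is not part of the sandbox report, the Python below classifies Sysmon-style RegistryEvent records (EventID 13, value set) against those registry paths and maps each hit to the ATT&CK technique it corresponds to. The JSON event lines, the process path and the GUID are constructed for the example; the registry paths are the standard Windows locations, not values taken from this sample.

```python
import json
import re

# Registry locations behind the report's persistence/firewall signatures, each
# with the ATT&CK technique it maps to. Matching is case-insensitive and does
# not care about the hive prefix (HKLM\..., HKCU\..., HKU\S-1-5-...\...).
PERSISTENCE_RULES = [
    (r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\",
     "Adds policy Run key to start application", "T1547.001"),
    (r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\",
     "Adds Run key to start application", "T1547.001"),
    (r"\\Software\\Microsoft\\Active Setup\\Installed Components\\\{[^\\]+\}\\StubPath$",
     "Boot or Logon Autostart Execution: Active Setup", "T1547.014"),
    (r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\",
     "Modifies firewall policy service", "T1562.004"),
]
_COMPILED = [(re.compile(p, re.IGNORECASE), sig, tid) for p, sig, tid in PERSISTENCE_RULES]


def classify(target_object: str):
    """Return (signature, technique) for a registry value path, or None."""
    for rx, sig, tid in _COMPILED:
        if rx.search(target_object):
            return sig, tid
    return None


def scan_events(lines):
    """Run the rules over JSON event lines; keep only Sysmon EventID 13 (value set) hits."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("EventID") != 13:
            continue
        match = classify(ev["TargetObject"])
        if match:
            hits.append({"signature": match[0], "technique": match[1],
                         "image": ev["Image"], "target": ev["TargetObject"],
                         "details": ev.get("Details", "")})
    return hits


def summarize(hits):
    """Group techniques per writing process, which is what a triage note wants."""
    by_image = {}
    for h in hits:
        by_image.setdefault(h["image"], set()).add(h["technique"])
    return {img: sorted(t) for img, t in by_image.items()}


# Constructed sample telemetry (hypothetical process path and GUID), shaped like
# Sysmon registry events exported as JSON lines.
IMG = r"C:\Users\user\AppData\Roaming\svchost.exe"
_FW_LIST = r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List"
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"EventID": 12, "Image": IMG, "EventType": "CreateKey",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"EventID": 13, "Image": IMG,
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate", "Details": IMG},
    {"EventID": 13, "Image": IMG,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\WinUpdate",
     "Details": IMG},
    {"EventID": 13, "Image": IMG,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}\StubPath",
     "Details": IMG},
    {"EventID": 13, "Image": IMG,
     "TargetObject": _FW_LIST + "\\" + IMG, "Details": IMG + ":*:Enabled:svchost"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]]


if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(f'{hit["technique"]:10} {hit["signature"]:50} {hit["target"]}')
    print(summarize(scan_events(SAMPLE_EVENTS)))
```

The policy Run rule is listed before the plain Run rule so a write under `Policies\Explorer\Run` is attributed to the policy signature rather than the generic one; the Active Setup rule anchors on `StubPath` because writes to the other values of an Installed Components entry (`Version`, `IsInstalled`) do not by themselves execute anything.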

MITRE ATT&CK Enterprise v15

Tasks