General

  • Target

    JaffaCakes118_fe6bc1160e61962ea9695e876d59afeb

  • Size

    624KB

  • Sample

    250216-cb2f9swngz

  • MD5

    fe6bc1160e61962ea9695e876d59afeb

  • SHA1

    df59f5ec5cd522bd2d8ae1155e9f9bb80e7fb22d

  • SHA256

    0205738ecf99fe12f96b4ad615534a3560125482a22b969578d9395da97afa86

  • SHA512

    8f60c4ed19d4c0db96fb10c8e359fdc7ca132ed25e351ad9dd0ee9b549849f40be84e7c9c82b257bedd5792263bb0e2394dccf02c2190477bcee07aa81d52a79

  • SSDEEP

    12288:7WVFSKrGZnYyzzVblLyp1xrVvPL8igpUscxJSEhTzW3GORn/tC2:Wy5lLy0vlcxwSOxw
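
Before anything in this report is relied on, the local copy of the sample should be checked against the hashes printed above; a renamed or re-packed file with the same JaffaCakes118_ prefix is a different sample. The following is an added example, not part of the original report or of the sandbox's tooling: it hashes a file once with every algorithm the report lists and returns the mismatches. The SSDEEP value is not computed here because that needs the third-party ssdeep library; the size check is omitted because the report rounds it to whole KB.

```python
import hashlib
from typing import Dict, List

# Hashes exactly as printed in the sandbox report; these are the only reference
# values the page provides.
REPORTED_HASHES: Dict[str, str] = {
    "md5": "fe6bc1160e61962ea9695e876d59afeb",
    "sha1": "df59f5ec5cd522bd2d8ae1155e9f9bb80e7fb22d",
    "sha256": "0205738ecf99fe12f96b4ad615534a3560125482a22b969578d9395da97afa86",
    "sha512": (
        "8f60c4ed19d4c0db96fb10c8e359fdc7ca132ed25e351ad9dd0ee9b549849f40"
        "be84e7c9c82b257bedd5792263bb0e2394dccf02c2190477bcee07aa81d52a79"
    ),
}


def compute_hashes(path: str) -> Dict[str, str]:
    """Hash a file with every algorithm the report lists, in a single pass.

    The file is read in 1 MiB chunks so a large sample never has to fit in memory.
    """
    hashers = {name: hashlib.new(name) for name in REPORTED_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(path: str, expected: Dict[str, str] = REPORTED_HASHES) -> List[str]:
    """Return a human-readable list of hash mismatches between a local file and the
    report; an empty list means the file on disk is the sample the report describes.
    Comparison is case-insensitive because tools print hex digests in either case."""
    actual = compute_hashes(path)
    problems: List[str] = []
    for name, want in expected.items():
        got = actual[name]
        if got.lower() != want.lower():
            problems.append(f"{name}: report {want} != local {got}")
    return problems


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <path-to-local-copy-of-the-sample>
    issues = verify_sample(sys.argv[1])
    print("OK: file matches every hash in the report" if not issues else "\n".join(issues))
```

Run it against the local copy before detonating or sharing the file; any single mismatch means the artefact in hand is not the one this report was generated from, and the behaviour listed below cannot be assumed to apply.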

Malware Config

Targets

    • Target

      JaffaCakes118_fe6bc1160e61962ea9695e876d59afeb

    • Blackshades

      Blackshades (Blackshades NET) is a commercially sold Windows remote access trojan that was distributed openly until a coordinated international law-enforcement takedown in May 2014. Its capabilities include keylogging, screen and webcam capture, file theft, launching DDoS attacks from infected hosts, and spreading via USB drives and instant-messaging links.

    • Blackshades family (family match on the sample itself)

    • Blackshades payload (family match on code the sample drops or unpacks at runtime)

    • Modifies firewall policy service (changes the Windows Firewall policy, typically to allow the implant's own traffic)

    • Downloads MZ/PE file (fetches a second-stage executable over the network during the run)

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application (persistence through a CurrentVersion\Run value)

    • Drops file in System32 directory (writes next to OS binaries, which requires elevated privileges)

    • Suspicious use of SetThreadContext (thread-context rewriting, the pattern used by process hollowing and thread hijacking)
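
The signature list above is what an analyst actually works from when the ATT&CK section of a report is missing or collapsed. The following is an added example, not part of the original report and not the sandbox's own mapping: it turns the signature names exactly as printed into a structured triage record, pulling the family name out of the "family"/"payload" signatures and attaching an ATT&CK technique plus a host artefact to check to the behavioural ones. The signature-to-technique table and the verdict threshold are this example's assumptions, chosen to be defensible for this report, not values taken from the page.

```python
import re
from typing import Dict, List, Optional, Tuple

# Sandbox signature names exactly as they appear in the report above.
REPORT_SIGNATURES: List[str] = [
    "Blackshades family",
    "Blackshades payload",
    "Modifies firewall policy service",
    "Downloads MZ/PE file",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Adds Run key to start application",
    "Drops file in System32 directory",
    "Suspicious use of SetThreadContext",
]

# Assumed mapping written for this example (not the report's own ATT&CK section):
# signature -> (technique id, technique name, what to look for on a suspected host).
SIGNATURE_MAP: Dict[str, Tuple[str, str, str]] = {
    "Modifies firewall policy service": (
        "T1562.004", "Impair Defenses: Disable or Modify System Firewall",
        r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy "
        r"and netsh advfirewall command lines"),
    "Downloads MZ/PE file": (
        "T1105", "Ingress Tool Transfer",
        "proxy and DNS logs for the sample's process fetching a file whose body starts with MZ"),
    "Adds Run key to start application": (
        "T1547.001", "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder",
        r"HKCU and HKLM \Software\Microsoft\Windows\CurrentVersion\Run values"),
    "Drops file in System32 directory": (
        "T1036.005", "Masquerading: Match Legitimate Name or Location",
        r"recently created, unsigned files under %SystemRoot%\System32"),
    "Suspicious use of SetThreadContext": (
        "T1055.012", "Process Injection: Process Hollowing",
        "processes whose mapped image in memory differs from their image on disk"),
}

# "<Family> family" / "<Family> payload" is the sandbox's family-attribution naming.
FAMILY_RE = re.compile(r"^(?P<family>\S+) (family|payload)$")


def triage(signatures: List[str]) -> Dict[str, object]:
    """Fold a list of sandbox signatures into a triage record.

    Returns the attributed family (if any), the ATT&CK techniques the behavioural
    signatures map to, the host checks to run, the signatures left unmapped, and a
    verdict. The verdict rule is this example's own: a family match is decisive;
    otherwise three or more mapped techniques are treated as malicious.
    """
    family: Optional[str] = None
    techniques: Dict[str, str] = {}
    checks: List[str] = []
    unmapped: List[str] = []
    for sig in signatures:
        m = FAMILY_RE.match(sig)
        if m:
            family = family or m.group("family")
            continue
        hit = SIGNATURE_MAP.get(sig)
        if hit is None:
            unmapped.append(sig)
            continue
        tid, tname, check = hit
        techniques[tid] = tname
        checks.append(f"{tid}: {check}")
    verdict = "malicious" if family or len(techniques) >= 3 else "suspicious"
    return {
        "family": family,
        "verdict": verdict,
        "techniques": techniques,
        "checks": checks,
        "unmapped": unmapped,
    }


if __name__ == "__main__":
    record = triage(REPORT_SIGNATURES)
    print(f"family={record['family']} verdict={record['verdict']}")
    for line in record["checks"]:
        print("  check", line)
    for sig in record["unmapped"]:
        print("  unmapped", sig)
```

The unmapped entries are kept on purpose: "Executes dropped EXE" and "Loads dropped DLL" describe execution chain rather than a single technique, and silently dropping them would hide that the run involved staged binaries. For this report the record attributes the sample to Blackshades, which alone is enough for a malicious verdict, and the check list gives the registry, firewall and process-memory locations to inspect on a host suspected of running it.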

MITRE ATT&CK Enterprise v15

Tasks