General

  • Target

    JaffaCakes118_fee28ae597ff2a8427e1e0f174d17aef

  • Size

    608KB

  • Sample

    250216-dkmj5szjdw

  • MD5

    fee28ae597ff2a8427e1e0f174d17aef

  • SHA1

    91a8aab251732d41d693d8ab49e5d4ded57d62a0

  • SHA256

    e88ed5381bc46c4146c719d0c39cfc8824cc5e94ea70e00759fdcd532edcc94e

  • SHA512

    eda611e2d1b355b2f5b5ebb450bfe84ea59498da9a2e9f0f686c6f43c8dc70b539bead0702b5c0a650873ce5b3c919acb4085c6a583ac641c4993ce56addc58a

  • SSDEEP

    12288:XvbnaX5nRu1Z3A7r/GCj8zvVnXgE6wGIlqeCmS0mowdn:fjahRu1Z3y6VmSGWOmSQ4n

Targets

    • Target

      JaffaCakes118_fee28ae597ff2a8427e1e0f174d17aef

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
