General

  • Target

    JaffaCakes118_fef4a3cb53cddb18160b23a348cd08bd

  • Size

    323KB

  • Sample

    250216-dqplpayqhl

  • MD5

    fef4a3cb53cddb18160b23a348cd08bd

  • SHA1

    34ba9271b2d20a1b7931d7893f5f99c81c63c6dd

  • SHA256

    003d5fb8c4898406ed5f7796a8c16915f90e7ab03e2a797bd2844be2a0ed97c7

  • SHA512

    911086ecfbfb6911264cd02adb7fc32518b58945123a6a13f0a57dddfc659897d636f04b8950b4c75a2c13941e9d4241029fc1c2ca98a5bd79f0ac61a1fb228f

  • SSDEEP

    6144:EXLWH8s4/qnMRAgWUQQMo0asHOWkeNeDO/3l3LNP37RPK:EXLWH8scAMRAgWB3tHOWkeNeDOP/Pd

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks