General

  • Target

    JaffaCakes118_ff2fb0280b4408645eb922e172e9781e

  • Size

    496KB

  • Sample

    250216-edtkjs1nbw

  • MD5

    ff2fb0280b4408645eb922e172e9781e

  • SHA1

    731bbe6dee64faa686348e15459b0c2620e102c0

  • SHA256

    7f135059d5c101f8bf5c9d5f13d46b788fde58195695a7607037ef21926db87b

  • SHA512

    dfbc4053d599e99d786ecf7bc266d4202884b78933075d9bab90f2065a39752833009258826bb6d2ad26c172b99b588e0b0242cfe4d9980517e724415affe959

  • SSDEEP

    12288:p98bva6OOTChMrM8TjJH/XrOlznR1oMG2PdHIg:p98byWbfTdXi5oMG21H

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks