General

  • Target

    JaffaCakes118_ff3b169d9f29c7704282e821093a95ad

  • Size

    295KB

  • Sample

    250216-egy97s1keq

  • MD5

    ff3b169d9f29c7704282e821093a95ad

  • SHA1

    502e30b0b2512d08ef4c99ea5289f5483b52f4f1

  • SHA256

    a6640051dd0db3c716287a7bc527ce1b3979ad8c9a62e1245d41343ca5f88eb0

  • SHA512

    21403ddf1f7ff23276887d856791a54c538a9b99919c810cd27bc7072499af6a32a53e4e62719cbe21005ea1cc37e88523942ada3fd4fb26efe802fb5e7f76c8

  • SSDEEP

    6144:Hg2hTSrKvmpwAHx8ADA1epmoI+zwOLoxZq2djzpqbTYDmwihkoS3:HxhTS64R8UAemBO0xZq2dzpqmmthkoS3

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
