General

  • Target

    JaffaCakes118_168defe2280e38b4ccfc2c2a8080590c

  • Size

    536KB

  • Sample

    250222-cahb1avnc1

  • MD5

    168defe2280e38b4ccfc2c2a8080590c

  • SHA1

    3d66f6f630035cfc6dc088cdc255cb5b46a4d1c6

  • SHA256

    c9ddb7eeafbf0192f428d2eb0d6bf0f03d1b8a032bf2520c9c95f24fbb220ef7

  • SHA512

    764dc81cf181ee344d65ffd3f50899d00f9bc5062f2da835b7b7bc6a86c5d82ee1e0982107ae4c3541d95ec38192cfe07f9772d552d0c1e222483b9e7c914af3

  • SSDEEP

    12288:X8+x+abo8wrfaovBsjgz1QwtbuWuaoviU82+vVZyy67MI5:j+aLboppOkil6URV
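The four digests above are the only durable identifiers on this page, so the first thing a responder does with them is sweep a file share or quarantine directory for the sample. The script below is an added example, not tooling from the sandbox that produced this report: it hashes each file once while feeding all four algorithms, matches the result against the report's values, and grades the match, because an MD5- or SHA1-only hit is a lead to chase (both have practical collision attacks) while a SHA256/SHA512 hit confirms the file. The directory walk and the file name under scan are assumptions; the hash values are the ones listed above.

```python
import hashlib
import os

# Digests of the sample exactly as listed in this report, keyed by the report's
# target name. Add further samples to this dict to sweep for more than one.
KNOWN_SAMPLES = {
    "JaffaCakes118_168defe2280e38b4ccfc2c2a8080590c": {
        "md5": "168defe2280e38b4ccfc2c2a8080590c",
        "sha1": "3d66f6f630035cfc6dc088cdc255cb5b46a4d1c6",
        "sha256": "c9ddb7eeafbf0192f428d2eb0d6bf0f03d1b8a032bf2520c9c95f24fbb220ef7",
        "sha512": "764dc81cf181ee344d65ffd3f50899d00f9bc5062f2da835b7b7bc6a86c5d82e"
                  "e1e0982107ae4c3541d95ec38192cfe07f9772d552d0c1e222483b9e7c914af3",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
# Algorithms whose match is strong enough to confirm identity on its own.
STRONG = {"sha256", "sha512"}


def digest_stream(chunks):
    """Feed every chunk to all four hashers in one pass; returns {algo: hexdigest}."""
    hashers = {a: hashlib.new(a) for a in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digest_bytes(data):
    return digest_stream([data])


def digest_file(path, chunk_size=1 << 20):
    # Read in 1 MiB chunks so large files do not have to fit in memory.
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def match_iocs(digests, known=KNOWN_SAMPLES):
    """Return {sample_name: [algorithms whose reference value equals ours]}."""
    hits = {}
    for name, ref in known.items():
        agreed = [a for a in ALGORITHMS
                  if a in ref and digests.get(a, "").lower() == ref[a].lower()]
        if agreed:
            hits[name] = agreed
    return hits


def classify(algorithms):
    """Grade a match: any SHA-2 agreement confirms it; MD5/SHA1 alone is only a lead."""
    if not algorithms:
        return "none"
    if STRONG & set(algorithms):
        return "confirmed"
    return "weak"


def scan_directory(root, known=KNOWN_SAMPLES):
    """Yield (path, sample_name, grade) for every file under root that matches."""
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                hits = match_iocs(digest_file(path), known)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            for name, algos in hits.items():
                yield path, name, classify(algos)


if __name__ == "__main__":
    import sys
    # Assumed usage: python sweep.py <directory>
    for path, name, grade in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{grade:9} {name} {path}")
```

A "weak" grade normally means a stale or mislabelled indicator rather than a deliberate collision, but either way the file should be re-hashed with SHA256 before it is reported as the sample.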

Malware Config

Targets

    • Target

      JaffaCakes118_168defe2280e38b4ccfc2c2a8080590c

    • Blackshades

      Blackshades (BlackShades NET) is a commodity Windows remote access trojan that was sold openly until an international law-enforcement takedown in 2014. Typical capabilities include keylogging, webcam and screen capture, file upload and download, and fetching additional payloads, so a confirmed hit should be treated as full interactive access to the host.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

      The sample writes to the Windows Firewall policy configuration in the registry (typically under the SharedAccess service's FirewallPolicy key), which is how a RAT whitelists its own binary so outbound command-and-control traffic is not blocked.

    • Adds Run key to start application

      Persistence via HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run, so the payload is relaunched at every logon.

    • Checks whether UAC is enabled

      Reads the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System to decide whether elevation prompts stand in its way.

    • Drops file in System32 directory

      Writes a file into the Windows System32 directory, a common place to hide a copy of the payload among legitimate system binaries.

    • Suspicious use of SetThreadContext

      Changing another thread's context from outside its process is the hallmark of process hollowing and other injection techniques; the dropped or unpacked payload is likely running inside a legitimate-looking host process.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build. The detection keys on packer artifacts such as section names, which are trivial to rename, so unpack the sample and rehash it before relying on static signatures; the behavioral signatures above come from the running, unpacked code.
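The behavioral signatures listed for this target are each a simple predicate over the sandbox's event trace, and the UPX signature is a predicate over the PE section table. The script below is an added example, not the sandbox's own rule engine: it runs constructed, Sysmon-like events (registry writes, a registry query, a file creation and two SetThreadContext calls, all invented for this example) through one function per signature, and parses a constructed PE header to look for UPX-named sections. The event shape, the registry paths the rules key on, and the PE stub builder are assumptions; the registry locations are the conventional ones for Run-key persistence, the EnableLUA policy value and the firewall policy store.

```python
import re
import struct

# --- Constructed trace (not sandbox output from this report) -------------------
# Simplified Sysmon-like events carrying just the fields the signatures need.
TRACE = [
    {"kind": "reg_set", "pid": 1200,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
            r"\StandardProfile\AuthorizedApplications\List",
     "value": r"C:\Windows\System32\svchost32.exe"},
    {"kind": "reg_set", "pid": 1200,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater"},
    {"kind": "reg_query", "pid": 1200,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
     "value": "EnableLUA"},
    {"kind": "file_create", "pid": 1200, "path": r"C:\Windows\System32\svchost32.exe"},
    {"kind": "api", "pid": 1200, "name": "SetThreadContext", "target_pid": 1340},
    {"kind": "api", "pid": 1200, "name": "SetThreadContext", "target_pid": 1200},
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.IGNORECASE)
FIREWALL_POLICY = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy(\\|$)", re.IGNORECASE)
UAC_POLICY_KEY = re.compile(r"\\Policies\\System$", re.IGNORECASE)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}


def adds_run_key(trace):
    return [e for e in trace if e["kind"] == "reg_set" and RUN_KEY.search(e["key"])]


def modifies_firewall_policy(trace):
    return [e for e in trace if e["kind"] == "reg_set" and FIREWALL_POLICY.search(e["key"])]


def checks_uac_enabled(trace):
    return [e for e in trace if e["kind"] == "reg_query"
            and UAC_POLICY_KEY.search(e["key"]) and e["value"].lower() == "enablelua"]


def drops_file_in_system32(trace):
    return [e for e in trace if e["kind"] == "file_create" and SYSTEM32.match(e["path"])]


def suspicious_setthreadcontext(trace):
    # Only a cross-process context change is flagged: touching your own thread's
    # context is ordinary (exception handling); touching another process's thread
    # is the hallmark of hollowing and injection.
    return [e for e in trace if e["kind"] == "api" and e["name"] in CONTEXT_APIS
            and e["target_pid"] != e["pid"]]


SIGNATURES = {f.__name__: f for f in (adds_run_key, modifies_firewall_policy,
                                      checks_uac_enabled, drops_file_in_system32,
                                      suspicious_setthreadcontext)}


def evaluate_trace(trace):
    """Return {signature_name: number of matching events}."""
    return {name: len(fn(trace)) for name, fn in SIGNATURES.items()}


# --- Static UPX check on the PE section table ----------------------------------
def pe_section_names(data):
    """Return the section names of a PE image, or [] if the headers do not parse."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    nsect = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                              # first IMAGE_SECTION_HEADER
    names = []
    for i in range(nsect):
        off = table + 40 * i
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def is_upx_packed(data):
    # Stock UPX names its sections UPX0/UPX1/UPX2; a renamed build evades this check.
    return any(n.upper().startswith(b"UPX") for n in pe_section_names(data))


def build_pe_stub(section_names):
    """Constructed minimal PE skeleton (not loadable) with the given section names."""
    e_lfanew, opt_size = 0x80, 224
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * opt_size + sections


if __name__ == "__main__":
    print(evaluate_trace(TRACE))
    print("UPX:", is_upx_packed(build_pe_stub([b"UPX0", b"UPX1", b".rsrc"])))
```

The signature set intentionally counts hits rather than returning booleans: a Run-key write plus a System32 drop plus a cross-process SetThreadContext in the same trace is a much stronger injection-and-persistence story than any one of them alone, and the counts let a triage script weight them.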
