General

  • Target: JaffaCakes118_2d8450a79238e856da8e4a139868ca89
  • Size: 460KB
  • Sample: 250227-qp9xfsyqy3
  • MD5: 2d8450a79238e856da8e4a139868ca89
  • SHA1: 12c74a2a759225412eacc8c75d32350c98a47bc4
  • SHA256: 4239f63ad0ddf74cd296c86e9c68dba22c4df3317ba261425a7ed0df764b745a
  • SHA512: 24ee639d4e61a3b6ecfa382f956273572fdfb658fde86262a028236517d45b70225f61f0023331529b4ae66290412568c3a93a3848a925e275f765598a56170b
  • SSDEEP: 12288:ObqyxfRJ1vAKkjdGJBVBQT2zMZ/wafeES:oqyxfR3vARjdGsUMZ/vVS

Malware Config

Targets

    • Blackshades: Blackshades is a remote access trojan with various capabilities.
    • Blackshades family
    • Blackshades payload
    • Modifies firewall policy service
    • Adds policy Run key to start application
    • Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks