General

  • Target

    JaffaCakes118_49b5cdcd1470735a53ccdb329a22d0fc

  • Size

    764KB

  • Sample

    250303-3ahkwaspz2

  • MD5

    49b5cdcd1470735a53ccdb329a22d0fc

  • SHA1

    d42de99e98ec98ee9dd36ef77801417a3f0cd8ae

  • SHA256

    450f8782023b25154df0402ddfa8a13535988873618a7311e4c8609752c6cc36

  • SHA512

    37bb2c5bcb5af35df553c9a9d89728dabcce085516e6e8a17d206f918c917252b374dee85598aa20e9d855dc13735f8191f79dcb691aa30a284adf4db2ffb87f

  • SSDEEP

    12288:SNre4BlkwDX5fZ8YW0YfYaYgf7WX8Y9pqJ71GHYR9ID3c8wk08BbBMgdueLkbGyt:T4Pz5olWSJI69uggdyPt

Malware Config

Targets

    • Target

      JaffaCakes118_49b5cdcd1470735a53ccdb329a22d0fc

    • Size

      764KB

    • MD5

      49b5cdcd1470735a53ccdb329a22d0fc

    • SHA1

      d42de99e98ec98ee9dd36ef77801417a3f0cd8ae

    • SHA256

      450f8782023b25154df0402ddfa8a13535988873618a7311e4c8609752c6cc36

    • SHA512

      37bb2c5bcb5af35df553c9a9d89728dabcce085516e6e8a17d206f918c917252b374dee85598aa20e9d855dc13735f8191f79dcb691aa30a284adf4db2ffb87f

    • SSDEEP

      12288:SNre4BlkwDX5fZ8YW0YfYaYgf7WX8Y9pqJ71GHYR9ID3c8wk08BbBMgdueLkbGyt:T4Pz5olWSJI69uggdyPt

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Drops startup file

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks