General
-
Target
JaffaCakes118_45663f200ea15f8aa588698749ee3a85
-
Size
456KB
-
Sample
250303-hbhxtazxew
-
MD5
45663f200ea15f8aa588698749ee3a85
-
SHA1
64fafb9c0d72a470cc3b6bf5a0df9b294e1d5e64
-
SHA256
9bf15b67e81b20ffabcd51cdcc870d5d0d87f4c2d338da87d0d7c0dbda080b47
-
SHA512
f04a72c49382b4f182426d8aab274c2a88fe20164ef154256c325365a71a8ef80460d57a3f62d89ace6ed733ae1ff4ab7575befca75928651b868241f1cf55a7
-
SSDEEP
6144:mYyMJD5qmpAKVZJa0BgshVdBPudfhCUxypyQk25oS3RHwihKoY44L+4+aROrJypP:mYyMyhKVW0BgEVoVKk2bco5n51ygQb
Malware Config
Targets
-
-
Target
JaffaCakes118_45663f200ea15f8aa588698749ee3a85
-
Size
456KB
-
MD5
45663f200ea15f8aa588698749ee3a85
-
SHA1
64fafb9c0d72a470cc3b6bf5a0df9b294e1d5e64
-
SHA256
9bf15b67e81b20ffabcd51cdcc870d5d0d87f4c2d338da87d0d7c0dbda080b47
-
SHA512
f04a72c49382b4f182426d8aab274c2a88fe20164ef154256c325365a71a8ef80460d57a3f62d89ace6ed733ae1ff4ab7575befca75928651b868241f1cf55a7
-
SSDEEP
6144:mYyMJD5qmpAKVZJa0BgshVdBPudfhCUxypyQk25oS3RHwihKoY44L+4+aROrJypP:mYyMyhKVW0BgEVoVKk2bco5n51ygQb
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1