General
-
Target
JaffaCakes118_468c8d2a8812459198c0140b3b0d805c
-
Size
570KB
-
Sample
250303-mlnm9sv1h1
-
MD5
468c8d2a8812459198c0140b3b0d805c
-
SHA1
a4a26b5ab5b09bdc1c415a057fcf53d9174b789b
-
SHA256
7d6ae029a210650160bf136cef4fd04c5743558a393b6e64316274ac8b0fc9b7
-
SHA512
1add09c07b9e722ea2b26b971b1aec2efb5d81383407bc07db7fdd73fbd713c9b941caa8696c17ae9810e85f59ea6c289bbdd9ece3709e3933f2d7b81ed5f27f
-
SSDEEP
12288:Q/Uj3WbaOzuYM78NW29Uuezee5UpbDK1vPenlYIQHkfNd8/oSGi:K5bxzud8NW2WueSrQ3e4UNd8gi
Malware Config
Targets
-
-
Target
JaffaCakes118_468c8d2a8812459198c0140b3b0d805c
-
Size
570KB
-
MD5
468c8d2a8812459198c0140b3b0d805c
-
SHA1
a4a26b5ab5b09bdc1c415a057fcf53d9174b789b
-
SHA256
7d6ae029a210650160bf136cef4fd04c5743558a393b6e64316274ac8b0fc9b7
-
SHA512
1add09c07b9e722ea2b26b971b1aec2efb5d81383407bc07db7fdd73fbd713c9b941caa8696c17ae9810e85f59ea6c289bbdd9ece3709e3933f2d7b81ed5f27f
-
SSDEEP
12288:Q/Uj3WbaOzuYM78NW29Uuezee5UpbDK1vPenlYIQHkfNd8/oSGi:K5bxzud8NW2WueSrQ3e4UNd8gi
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3