General

  • Target

    JaffaCakes118_4a7c5314a7a469f1129f8e6ecde5883f

  • Size

    152KB

  • Sample

    250304-cj5hwswqt9

  • MD5

    4a7c5314a7a469f1129f8e6ecde5883f

  • SHA1

    dea5dbdf63cf1cc0864f11809cb074bf837cb3c3

  • SHA256

    95cbe5717f3095cd9e65143222c4c8f699c9b5a739ad8aa85de49c5b180938f7

  • SHA512

    5dc9545420aec72ec021f0138a8dba96338083fc6fbd2e7daeb66faa9e3d646ae6d11240ceac92555b6aab2f54ebc402c546fc0d8f92752b80f1712272178210

  • SSDEEP

    3072:KBbyIjo3yxqrIM8NGAHhX7XWWXGRf5jocsGDGcRCu:KBbFT1FHhLfXGLUxhu

Malware Config

Targets

    • Target

      JaffaCakes118_4a7c5314a7a469f1129f8e6ecde5883f

    • Size

      152KB

    • MD5

      4a7c5314a7a469f1129f8e6ecde5883f

    • SHA1

      dea5dbdf63cf1cc0864f11809cb074bf837cb3c3

    • SHA256

      95cbe5717f3095cd9e65143222c4c8f699c9b5a739ad8aa85de49c5b180938f7

    • SHA512

      5dc9545420aec72ec021f0138a8dba96338083fc6fbd2e7daeb66faa9e3d646ae6d11240ceac92555b6aab2f54ebc402c546fc0d8f92752b80f1712272178210

    • SSDEEP

      3072:KBbyIjo3yxqrIM8NGAHhX7XWWXGRf5jocsGDGcRCu:KBbFT1FHhLfXGLUxhu

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks