General

  • Target

    JaffaCakes118_4b9c1b0cb1689b0dc5f929c5f2d2b3b9

  • Size

    439KB

  • Sample

    250304-gsm3esstdx

  • MD5

    4b9c1b0cb1689b0dc5f929c5f2d2b3b9

  • SHA1

    202043c47a8a6b481d5314d78f249fa8cf1c119e

  • SHA256

    9a597e3eba6f59e2688596f0321a9d99c20a8e7c6925e8fd52c462256318f433

  • SHA512

    a4753ae56d73f546eb065865cdfc5a7a2ab34ac08ca4ce68a131fb8843df33b02946508a0d893e3a5d030fb7c1a2c7ad0385a5506d79dfedfabd9a0148fa1d08

  • SSDEEP

    12288:ZOna/PGgrreDnYs3bFTu66GMMf/91xo2Mkddd:0amVrYshakz393zdd

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks