General

  • Target

    JaffaCakes118_4bbe9169963d1d016f69ad287b4119c9

  • Size

    524KB

  • Sample

    250304-hbcqsssydy

  • MD5

    4bbe9169963d1d016f69ad287b4119c9

  • SHA1

    6fcfdf40045f39fdc49ae4cb2b7177b5a87bc752

  • SHA256

    2157cdf75751321f01486c3a5f35ae0664dec2544738ad5c130457f8d1d4b96e

  • SHA512

    5e702e09a760b4e84ed0f8cfb3d2d8b6d71478f010ccca2b1b37e536589558277e74bf82f2a2b2774a4d3d2afd3a8f74d8bc99a9b4f178434edcf1bfc52f2fc6

  • SSDEEP

    12288:BGxqtSCKT/R0lFDPbAbxujwIrdkDcxqmeIE1uhi1ASooS8joS:BG8oCcAFDgxIKD9f1IJXf8

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks