General

  • Target

    JaffaCakes118_4e423ca61479155240e468249e910d17

  • Size

    604KB

  • Sample

    250304-s9hd2svkw3

  • MD5

    4e423ca61479155240e468249e910d17

  • SHA1

    176efe1fa84bb19fe5a2b675498e7643a9744c0d

  • SHA256

    532abc378196ed0e191e14ca9bd29574569e3755dc9636f4fa2b4af1d36ae38f

  • SHA512

    6ff42e9de12acc49f95e51d60ceaeaafa3ad3bb07ffef78a16b0b2a6aa8cef5ff98003f873b69fbc33547f37ede94a256857cae8a98a972d010e2d705a092d9c

  • SSDEEP

    12288:KkhHpPRI2jLfx8NghlAiGhtfYnLh0wZPIQssG7:lJPRLJughVGrfT4Pxq

Malware Config

Targets

    • Target

      JaffaCakes118_4e423ca61479155240e468249e910d17

    • Size

      604KB

    • MD5

      4e423ca61479155240e468249e910d17

    • SHA1

      176efe1fa84bb19fe5a2b675498e7643a9744c0d

    • SHA256

      532abc378196ed0e191e14ca9bd29574569e3755dc9636f4fa2b4af1d36ae38f

    • SHA512

      6ff42e9de12acc49f95e51d60ceaeaafa3ad3bb07ffef78a16b0b2a6aa8cef5ff98003f873b69fbc33547f37ede94a256857cae8a98a972d010e2d705a092d9c

    • SSDEEP

      12288:KkhHpPRI2jLfx8NghlAiGhtfYnLh0wZPIQssG7:lJPRLJughVGrfT4Pxq

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks