General
-
Target
JaffaCakes118_5342bb5c52f3d500f72b8af90f55037b
-
Size
2.2MB
-
Sample
250305-xstg7swry5
-
MD5
5342bb5c52f3d500f72b8af90f55037b
-
SHA1
baf8aea13305a21bbc68e5d4307556f5bbbc8a45
-
SHA256
44a9fc0e80e1c0fc336ad9ffbcfb6798df39edce12e3307e99856262609af562
-
SHA512
6ea93af0a65a86e19e66e1de17c7f679e022b1df8d72a7b0ccc49c082731f4c18c4a983b4965d845ef5c0366f79e4fa1ab9d2d12a7a09d5917584b9a6ac65c92
-
SSDEEP
3072:70flfMKbX5Mp9Zit/oRr69t6lKpQRrndKEbt1z8P8mBo6:T9Zit/oRr69t6lKpQRrndKEbMD
Malware Config
Targets
-
-
Target
JaffaCakes118_5342bb5c52f3d500f72b8af90f55037b
-
Size
2.2MB
-
MD5
5342bb5c52f3d500f72b8af90f55037b
-
SHA1
baf8aea13305a21bbc68e5d4307556f5bbbc8a45
-
SHA256
44a9fc0e80e1c0fc336ad9ffbcfb6798df39edce12e3307e99856262609af562
-
SHA512
6ea93af0a65a86e19e66e1de17c7f679e022b1df8d72a7b0ccc49c082731f4c18c4a983b4965d845ef5c0366f79e4fa1ab9d2d12a7a09d5917584b9a6ac65c92
-
SSDEEP
3072:70flfMKbX5Mp9Zit/oRr69t6lKpQRrndKEbt1z8P8mBo6:T9Zit/oRr69t6lKpQRrndKEbMD
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-