Overview

overview

10

Static

static

3

JaffaCakes...94.exe

windows7-x64

10

JaffaCakes...94.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5da7fc78ba07bb5fa31e81d856c90094

  • Size

    704KB

  • Sample

    250310-hlhd2awwct

  • MD5

    5da7fc78ba07bb5fa31e81d856c90094

  • SHA1

    422f58e0fcc1b33fc91249f3f25bcdd14ccd4a88

  • SHA256

    920fbbe5585057e032eaaedb3d92d6e663f4a1410ad83f0fef1544a83d182418

  • SHA512

    938a96d993ed11ac6754b09bf4e3054d5f2d5808fc5f2154d98d396e6cbdb62014f2568e728f3a31caadb08e946ed1db739306ebc67fa77a310e4b1f6be86b56

  • SSDEEP

    12288:lmmeIglT7m0jb37uJjpx8YwVfMZXmmW07XuE2aA3FUjmyWITFOYDLRh2zz2x5:lmnIOXpAjz8YkMcbWXv2rFUjOqFOYJB

Score
10/10
blackshadesdefense_evasiondiscoveryrat

Malware Config

Targets

    • Target

      JaffaCakes118_5da7fc78ba07bb5fa31e81d856c90094

    • Size

      704KB

    • MD5

      5da7fc78ba07bb5fa31e81d856c90094

    • SHA1

      422f58e0fcc1b33fc91249f3f25bcdd14ccd4a88

    • SHA256

      920fbbe5585057e032eaaedb3d92d6e663f4a1410ad83f0fef1544a83d182418

    • SHA512

      938a96d993ed11ac6754b09bf4e3054d5f2d5808fc5f2154d98d396e6cbdb62014f2568e728f3a31caadb08e946ed1db739306ebc67fa77a310e4b1f6be86b56

    • SSDEEP

      12288:lmmeIglT7m0jb37uJjpx8YwVfMZXmmW07XuE2aA3FUjmyWITFOYDLRh2zz2x5:lmnIOXpAjz8YkMcbWXv2rFUjOqFOYJB

    Score
    10/10
    blackshadesdefense_evasiondiscoveryrat

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

      ratblackshades

    • Blackshades family

      blackshades

    • Blackshades payload

    • Modifies firewall policy service

      defense_evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks