General

  • Target

    JaffaCakes118_7296fb9d9fa91d45235481a807eb1790

  • Size

    620KB

  • Sample

    250314-assvcazls2

  • MD5

    7296fb9d9fa91d45235481a807eb1790

  • SHA1

    676b08100885ae10ce94310fbef3b5065c5c2722

  • SHA256

    64e135661d4d5031ed4fd2ebbb588c036dcd8db7620d3393050da7464a3140b4

  • SHA512

    57d354d8aeccfd0e737742f51d0acef4d81d7dbc83bf21d27919c4c3f491982e84cc85d34d50e2b780f0362152c74213bd6f01932b8bbaf27e04781b9cce5fbb

  • SSDEEP

    6144:texxagiu8c3gaQPohW9dBLHVMAtoXobLlteTZ1kl:8UgiXrqAtoXoXlKk

Malware Config

Targets

    • Target

      JaffaCakes118_7296fb9d9fa91d45235481a807eb1790

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks