General

  • Target

    JaffaCakes118_72cd32604807ad0a8626c27f895f0c25

  • Size

    248KB

  • Sample

    250314-b77gqa1pt3

  • MD5

    72cd32604807ad0a8626c27f895f0c25

  • SHA1

    fde6b213e292b427bf2dbb5c866bb352df8171ac

  • SHA256

    238b7451e4045cecf343e153d8d8d1e89730a34b27714777e95c534e7d7dfd38

  • SHA512

    f0641254a5ead3ed1fcf40c8d7f94c5597f38367d966044fa17b7381f3b55958c765c367a9f695dccc1798078572849d779de6640de3a510e8238545f2806187

  • SSDEEP

    3072:KXDV/maZotcsJHsp4Itwn7fJAHr4AKKGu0eMFp4/N+yow6+yAP40phbR+Vh:KzFmklt8rGre5eMFp4F+yow6UPvNR+7
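The digests above are what an analyst uses to confirm that a file on disk is the sample this report describes, and the "UPX packed file" signature listed under Targets is usually checked by reading the PE section table. The block below is an added example (not part of the sandbox report and not vendor code) that does both with the Python standard library: the REPORT_HASHES constants are copied from this page, while build_minimal_pe() fabricates a header-only PE so the parser can be exercised offline without the real sample.

```python
"""Static triage helpers: hash verification and UPX section-name check.

Added example, not part of the sandbox report or of any vendor tooling.
Standard library only. REPORT_HASHES are the digests listed in the report;
the bytes produced by build_minimal_pe() are a constructed stand-in.
"""
import hashlib
import struct

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "72cd32604807ad0a8626c27f895f0c25",
    "sha1": "fde6b213e292b427bf2dbb5c866bb352df8171ac",
    "sha256": "238b7451e4045cecf343e153d8d8d1e89730a34b27714777e95c534e7d7dfd38",
    "sha512": "f0641254a5ead3ed1fcf40c8d7f94c5597f38367d966044fa17b7381f3b55958"
              "c765c367a9f695dccc1798078572849d779de6640de3a510e8238545f2806187",
}


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists in a single pass over the data."""
    algos = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    for h in algos.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in algos.items()}


def hash_mismatches(data: bytes, expected: dict = REPORT_HASHES) -> list:
    """Names of the algorithms whose digest differs from the report.
    An empty list means the bytes are exactly the sample the report describes."""
    actual = file_hashes(data)
    return [name for name, digest in expected.items() if actual.get(name) != digest]


def pe_section_names(data: bytes) -> list:
    """Parse the PE section table and return the section names (NUL-stripped).
    Raises ValueError for anything that is not a well-formed PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes, Name is the first 8
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1/UPX2. Modified builds often rename
    them, so False does not prove the file is unpacked; True is a strong hint."""
    return any(name.upper().startswith("UPX") for name in pe_section_names(data))


def build_minimal_pe(section_names) -> bytes:
    """Constructed stand-in: a header-only PE32 with the given section names.
    It is not executable; it exists only so the parser can run offline."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    optional = b"\x0b\x01" + b"\x00" * (opt_size - 2)  # Magic 0x10b = PE32, rest zeroed
    sections = b"".join(
        n.encode("ascii").ljust(8, b"\x00") + b"\x00" * 32 for n in section_names
    )
    return dos + b"PE\x00\x00" + coff + optional + sections


if __name__ == "__main__":
    packed = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    plain = build_minimal_pe([".text", ".rdata", ".data"])
    print("sections:", pe_section_names(packed), "upx:", looks_upx_packed(packed))
    print("sections:", pe_section_names(plain), "upx:", looks_upx_packed(plain))
    # The constructed bytes are not the real sample, so every digest mismatches.
    print("digests differing from report:", hash_mismatches(packed))
```

To use it on the real file, read it with `open(path, "rb").read()` and call hash_mismatches() first; only if that returns an empty list are the behaviours listed below attributable to the bytes you hold. Comparing all four digests rather than MD5 alone avoids a known-weak hash being the sole link between the report and the file.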

Malware Config

Targets

    • Blackshades

      Blackshades is a commercially sold Windows remote access trojan; its developers and many of its buyers were arrested in a 2014 law-enforcement operation. Typical builds bundle keylogging, screen and webcam capture, a file manager, a remote shell, DDoS modules and a file-encrypting extortion module, all driven from the operator's controller over a configurable C2 address.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

      Registry writes under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy, the store behind the Windows Firewall service. A RAT edits it to allow its own listener or callback traffic without a firewall prompt (ATT&CK T1562.004, Impair Defenses: Disable or Modify System Firewall).

    • Adds policy Run key to start application

      Creates a value under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run. Entries there are launched at logon exactly like the ordinary Run key but are inspected less often, so a triage of autostarts must cover both (ATT&CK T1547.001).

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine: a subkey of HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components whose StubPath value names a command. Explorer runs that command once for each user at their next logon, so the implant is re-launched for every account on the machine (ATT&CK T1547.014).

    • Adds Run key to start application

      Creates a value under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion\Run, the most common registry autostart (ATT&CK T1547.001).

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process (typically one created suspended) is the step that redirects execution into an injected or hollowed image. Legitimate software almost never does this, so the call is a strong indicator of process hollowing or thread execution hijacking (ATT&CK T1055.012 / T1055.003).

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer. Stock UPX leaves UPX0/UPX1 section names and unpacks cleanly with upx -d; a modified build usually renames the sections or damages the packer header so that upx -d fails, in which case the payload has to be dumped from memory after the unpacking stub has run.
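The three registry autostarts named above (the Run key, the Policies\Explorer\Run key and Active Setup StubPath values) are the first places to look on a host suspected of carrying this sample. The block below is an added example, not part of the sandbox report, that triages a plain-text registry export (the format written by `reg export` or Registry Editor) for those locations and flags commands that point into user-writable directories. The export it parses is constructed for the example and describes no real host; the GUID in it is a placeholder.

```python
"""Triage autostart locations in a Windows registry export (.reg text).

Added example, not part of the sandbox report. Parses the .reg format and
reports entries in the Run key, the Policies\\Explorer\\Run key and Active
Setup StubPath values. SAMPLE_EXPORT is constructed; the GUID is a placeholder.
"""
import re

# Autostart locations as (regex over the key path, label, ATT&CK sub-technique).
AUTOSTART_LOCATIONS = [
    (re.compile(r"\\CurrentVersion\\Policies\\Explorer\\Run$", re.I),
     "policy Run key", "T1547.001"),
    (re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.I),
     "Run key", "T1547.001"),
    (re.compile(r"\\Active Setup\\Installed Components\\[^\\]+$", re.I),
     "Active Setup", "T1547.014"),
]

# Directories an unprivileged user can write to; a logon autostart living there is suspect.
_USER_WRITABLE = re.compile(
    r"(%APPDATA%|%LOCALAPPDATA%|%TEMP%|%TMP%|\\AppData\\|\\Users\\Public\\|\\ProgramData\\|\\Temp\\)",
    re.I,
)
_KEY_LINE = re.compile(r"^\[(-?)(.+)\]$")
_VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> " in one pass."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: data}} for a .reg export.
    String data is unescaped; dword:/hex: data is kept as raw text so nothing is lost."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        m = _KEY_LINE.match(line)
        if m:
            if m.group(1) == "-":  # "[-HKEY...]" deletes a key: nothing to triage
                current = None
                continue
            current = m.group(2)
            keys.setdefault(current, {})
            continue
        m = _VALUE_LINE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) is None else _unescape(m.group(1))
            data = m.group(2)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            keys[current][name] = data
    return keys


def find_autostart_entries(keys: dict) -> list:
    """Walk the parsed export and describe every entry in an autostart location."""
    hits = []
    for path, values in keys.items():
        for pattern, label, attack_id in AUTOSTART_LOCATIONS:
            if not pattern.search(path):
                continue
            for name, data in values.items():
                # Active Setup executes only StubPath; the other values are metadata.
                if label == "Active Setup" and name.lower() != "stubpath":
                    continue
                hits.append({
                    "technique": label, "attack": attack_id, "key": path,
                    "value": name, "command": data,
                    "suspicious": bool(_USER_WRITABLE.search(data)),
                })
            break
    return hits


# Constructed export for the example: two benign entries and three that a
# RAT-style dropper would leave behind. Paths and GUID are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"WinUpdate"="C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Update"="%APPDATA%\\Microsoft\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
@="Example Component"
"StubPath"="C:\\ProgramData\\sys\\run.exe"
"IsInstalled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
'''

if __name__ == "__main__":
    for hit in find_autostart_entries(parse_reg_export(SAMPLE_EXPORT)):
        flag = "SUSPICIOUS" if hit["suspicious"] else "ok"
        print(f'{flag:10} {hit["attack"]} {hit["technique"]:15} {hit["value"]} -> {hit["command"]}')
```

On a live host the input comes from `reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion out.reg /y` and the equivalent exports for HKCU, Policies\Explorer and Active Setup; on an offline image, from a hive dumped to .reg format. The user-writable check is a heuristic for prioritisation, not a verdict: a signed updater in %LOCALAPPDATA% will be flagged, and an implant copied into System32 will not, so the command line of every hit still has to be read.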

MITRE ATT&CK Enterprise v15

Tasks