General

  • Target

    JaffaCakes118_7483b0f397e84146d65270811acaf406

  • Size

    499KB

  • Sample

    250314-rd357sssdy

  • MD5

    7483b0f397e84146d65270811acaf406

  • SHA1

    6ec8454dd815d82cd0efc6346aa814b625ae20b5

  • SHA256

    6a2c322a94239a463c6c66d19d8525aac5885780d5358d9f3c20ad143a5bce47

  • SHA512

    729382817ab74f744473aa2dae27e0ea5480c0299d8471dcc901537f187467ffb003be5436971e19d9a2fa633c0b1affa3e2b7e89edfd3a3d0645a944e338a32

  • SSDEEP

    12288:4jYv5Vow6Yv79aZZxQKqA6ldGmNDvXT1w+sh5VV+n5t1Vai9:AwpTI3xQKLqL/vaVV+f1VaK

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Renames multiple (197) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15