General

  • Target

    JaffaCakes118_763a9df96628a5dc526fb6079c42c431

  • Size

    505KB

  • Sample

    250315-m9b95sssgs

  • MD5

    763a9df96628a5dc526fb6079c42c431

  • SHA1

    b17fd9c50241cac770cc8fc9844812a521a197f9

  • SHA256

    bf3b88d9222e23a37ee6e2d5d25b384e05a84956b18753af344a021cde261d83

  • SHA512

    d74158cb1b2b2e64f512b339212ac5e86e0b4b0038b59ef2da8826cb8a0469d187045909ede2336a8941b83f8d8abeb600873092a58a23a41b6c4b00443042ad

  • SSDEEP

    12288:EOBj4U4RwiiSBZECSllrESCzUXAiPVnHVc9e0I:EOR4RJ08O1ie0I

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Disables RegEdit via registry modification

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks